Firewalls: Re: CERN httpd vs http-gw

Firewalls
(February 1995)

Indexed By Thread: [Previous] [Next]

Subject:	Re: CERN httpd vs http-gw
From:	lavondes @ tidtest . total . fr (Michel Lavondes)
Date:	Fri, 10 Feb 95 18:06:56 GMT
To:	mcr @ milkyway . com (Michael Richardson)
Cc:	firewalls @ greatcircle . com (fw)
In-reply-to:	<3hg19s$a8q @ calisto . milkyway . com>; from "Michael Richardson" at Feb 10, 95 10:38 am
Reply-to:	lavondes @ tidtest . total . fr

Michael Richardson wrote :
> 
> [snip]
> 
>   Actually, I'd rather make chroot() and <1024 priveledges be
> contingeant on being in group "daemon" and never run these servers as
> root as at all.
>  

Wouldn't that increase the ease of opening privileged ports on a machine
and thus doing such things as denial of service, password capture, and
so on ?
-- 
Michel Lavondes
E-Mail : lavondes @
 tidtest .
 total .
 fr
         lavondes%tidtest .
 total .
 fr @
 pegase .
 total .
 fr (if previous addr rejected)
Tel : +33-1-4135-4198
Fax : +33-1-4135-4189

Follow-Ups:

Re: CERN httpd vs http-gw
From: Frank Wortner <frank @ prodigy . com>
Re: CERN httpd vs http-gw
From: mshaver @ schoolnet . carleton . ca (Mike Shaver)

References:

Re: CERN httpd vs http-gw
From: mcr @ milkyway . com (Michael Richardson)

Indexed By Date	Previous:	Re: Anon subscriber to firewalls @ greatcircle . com From: lavondes @ tidtest . total . fr (Michel Lavondes)
Indexed By Date	Next:	Re: Anon subscribers From: ericm @ MicroUnity . com (Eric Murray)
Indexed By Thread	Previous:	Re: CERN httpd vs http-gw From: mshaver @ schoolnet . carleton . ca (Mike Shaver)
Indexed By Thread	Next:	Re: CERN httpd vs http-gw From: mshaver @ schoolnet . carleton . ca (Mike Shaver)