Firewalls: Re: http server for bastion host

Firewalls
(February 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: http server for bastion host
From:	Stepken <stepken @ edina . xnc . com>
Organization:	Freie Software Systeme
Date:	Mon, 09 Feb 1998 19:52:13 +0100
To:	Emmanuel <emmanuel @ spprod . se>
Cc:	Firewalls @ GreatCircle . COM
References:	<Pine . BSF . 3 . 95 . 980208001259 . 8316T-100000 @ alive . znep . com> <3 . 0 . 5 . 32 . 19980209083928 . 009fb3c0 @ spprod . se>

Emmanuel wrote:
> 
> At 08:48 PM 2/8/98 +0100, Stepken wrote:
> 
> >It really doesn't matter, whether it runs as root or as user. Every user
> >can become root, with some common exploits. There are some patches for
> >chroot() and chuid(), which are urgently needed.
> 
> What a statement !
> 
> Do you other readers feels like me and consider this to be non-sense ?

No, because you need access to some programs, which have well known
wholes in it. With chroot() it's getting difficult to reach those
programs. After chuid() you don't have access to privileged ports.
If have neither (AND) it's getting difficult.

cu, Guido Stepken

Follow-Ups:

Re: http server for bastion host
From: Peter da Silva <peter @ baileynm . com>

References:

Re: http server for bastion host
From: Marc Slemko <marcs @ znep . com>
Re: http server for bastion host
From: Emmanuel <emmanuel @ spprod . se>

Indexed By Date	Previous:	for Help:how to proxy UDP? From: Zhu Chun <zhuchun @ buaa . edu . cn>
Indexed By Date	Next:	Re: http server for bastion host From: Randy Grimshaw <rgrimsha @ mailbox . syr . edu>
Indexed By Thread	Previous:	Re: http server for bastion host From: Emmanuel <emmanuel @ spprod . se>
Indexed By Thread	Next:	Re: http server for bastion host From: Peter da Silva <peter @ baileynm . com>