Great Circle Associates Firewalls
(February 1998)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: http server for bastion host
From: Stepken <stepken @ edina . xnc . com>
Organization: Freie Software Systeme
Date: Mon, 09 Feb 1998 19:52:13 +0100
To: Emmanuel <emmanuel @ spprod . se>
Cc: Firewalls @ GreatCircle . COM
References: <Pine . BSF . 3 . 95 . 980208001259 . 8316T-100000 @ alive . znep . com> <3 . 0 . 5 . 32 . 19980209083928 . 009fb3c0 @ spprod . se>

Emmanuel wrote:
> 
> At 08:48 PM 2/8/98 +0100, Stepken wrote:
> 
> >It really doesn't matter, whether it runs as root or as user. Every user
> >can become root, with some common exploits. There are some patches for
> >chroot() and chuid(), which are urgently needed.
> 
> What a statement !
> 
> Do you other readers feels like me and consider this to be non-sense ?

No, because you need access to some programs, which have well known
wholes in it. With chroot() it's getting difficult to reach those
programs. After chuid() you don't have access to privileged ports.
If have neither (AND) it's getting difficult.

cu, Guido Stepken


Follow-Ups:
References:
Indexed By Date Previous: for Help:how to proxy UDP?
From: Zhu Chun <zhuchun @ buaa . edu . cn>
Next: Re: http server for bastion host
From: Randy Grimshaw <rgrimsha @ mailbox . syr . edu>
Indexed By Thread Previous: Re: http server for bastion host
From: Emmanuel <emmanuel @ spprod . se>
Next: Re: http server for bastion host
From: Peter da Silva <peter @ baileynm . com>

Google
 
Search Internet Search www.greatcircle.com