Firewalls: Re: http server for bastion host

Firewalls
(February 1998)

Indexed By Thread: [Previous] [Next]

Subject:	Re: http server for bastion host
From:	Peter da Silva <peter @ baileynm . com>
Date:	Mon, 9 Feb 1998 19:32:05 -0600 (CST)
To:	stepken @ edina . xnc . com (Stepken)
Cc:	emmanuel @ spprod . se, Firewalls @ GreatCircle . COM
In-reply-to:	<34DF505D . 64383949 @ edina . xnc . com> from "Stepken" at Feb 9, 98 07:52:13 pm

> No, because you need access to some programs, which have well known
> wholes in it. With chroot() it's getting difficult to reach those
> programs. After chuid() you don't have access to privileged ports.
> If have neither (AND) it's getting difficult.

But, damn it, we've established that CERN HTTPD *is* one of those programs
already. What's the point in building a jail when you lock the keys inside?

References:

Re: http server for bastion host
From: Stepken <stepken @ edina . xnc . com>

Indexed By Date	Previous:	Re: http server for bastion host From: Peter da Silva <peter @ baileynm . com>
Indexed By Date	Next:	RE: LINUX FIREWALLS From: Chris Pugrud <ChrisP @ steldyn . com>
Indexed By Thread	Previous:	Re: http server for bastion host From: Stepken <stepken @ edina . xnc . com>
Indexed By Thread	Next:	Re: http server for bastion host From: "Michael H. Warfield" <mhw @ wittsend . com>