From owner-freebsd-security Tue Aug 17 18:21: 1 1999 Delivered-To: freebsd-security@freebsd.org Received: from granite.sentex.net (granite.sentex.ca [199.212.134.1]) by hub.freebsd.org (Postfix) with ESMTP id 6940D14C59 for ; Tue, 17 Aug 1999 18:20:57 -0700 (PDT) (envelope-from mike@sentex.net) Received: from gravel (ospf-mdt.sentex.net [205.211.164.81]) by granite.sentex.net (8.8.8/8.6.9) with SMTP id VAA13335; Tue, 17 Aug 1999 21:18:32 -0400 (EDT) Message-Id: <4.1.19990817212048.0526b150@granite.sentex.ca> X-Sender: mdtancsa@granite.sentex.ca X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Tue, 17 Aug 1999 21:30:56 -0400 To: Barrett Richardson From: Mike Tancsa Subject: Re: Any work around for this FreeBSD bug/DoS ? Cc: freebsd-security@freebsd.org In-Reply-To: References: <4.1.19990816203409.05989960@granite.sentex.ca> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >I've been using a mechanism that prevents the running the arbitrary >executables on my systems. I require a flag bit to be set for an >executable to be run -- so if script kiddie uploads or creates >a binary executable it wont run, unless I approve it by setting the >flag. At the moment I let shell scripts slide which will leave you >vunerable to perl -- but that could be easily changed. Interesting concept, but I guess it would get only the dumbest script kiddies. Also, more and more exploits seem to be released on perl to make them 'cross platform compatible'. ---Mike ********************************************************************** Mike Tancsa, Network Admin * mike@sentex.net Sentex Communications Corp, * http://www.sentex.net/mike Cambridge, Ontario * 01.519.651.3400 Canada * To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message