From owner-freebsd-security  Sun Aug 16 06:12:14 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA09542
          for freebsd-security-outgoing; Sun, 16 Aug 1998 06:12:14 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from mail.ftf.dk (mail.ftf.dk [129.142.64.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA09537
          for <freebsd-security@FreeBSD.ORG>; Sun, 16 Aug 1998 06:12:13 -0700 (PDT)
          (envelope-from regnauld@deepo.prosa.dk)
Received: from mail.prosa.dk ([192.168.100.254])
	by mail.ftf.dk (8.8.8/8.8.8/gw-ftf-1.0) with ESMTP id PAA21440;
	Sun, 16 Aug 1998 15:16:48 +0200 (CEST)
	(envelope-from regnauld@deepo.prosa.dk)
Received: from deepo.prosa.dk (deepo.prosa.dk [192.168.100.10])
	by mail.prosa.dk (8.8.8/8.8.5/prosa-1.1) with ESMTP id PAA24757;
	Sun, 16 Aug 1998 15:19:35 +0200 (CEST)
Received: (from regnauld@localhost)
	by deepo.prosa.dk (8.8.8/8.8.5/prosa-1.1) id PAA23444;
	Sun, 16 Aug 1998 15:10:56 +0200 (CEST)
Message-ID: <19980816151056.63692@deepo.prosa.dk>
Date: Sun, 16 Aug 1998 15:10:56 +0200
From: Philippe Regnauld <regnauld@deepo.prosa.dk>
To: rotel@indigo.ie
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Fwd: "Using capabilties aaginst shell code" <dps@IO.STARGATE.CO.UK>
References: <19980815131309.14782@deepo.prosa.dk> <199808151348.OAA00655@indigo.ie>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.88e
In-Reply-To: <199808151348.OAA00655@indigo.ie>; from Niall Smart on Sat, Aug 15, 1998 at 02:48:11PM +0000
X-Operating-System: FreeBSD 2.2.6-RELEASE i386
Phone: +45 3336 4148
Address: Ahlefeldtsgade 16, 1359 Copenhagen K, Denmark
Organization: PROSA
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Niall Smart writes:
> > 
> > 	The point was to limit the number of outside attacks on 
> > 	priviledged network daemons.  Once the system has been broken
> > 	into, it's over...  "Just keep people out"
> 
> I'm not sure what you mean by this; disabling execve doesn't prevent
> outside attacks on network daemons.

	No, but it will prevent buffer overflows that spawn a root shell
	(i.e.: qpopper) -- or am I missing something ?

-- 
 -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-

               The Internet is busy.  Please try again later.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message