From owner-freebsd-chat Wed Feb 7 20:41:22 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from gray.westgate.gr (gray.westgate.gr [212.205.119.66]) by hub.freebsd.org (Postfix) with ESMTP id AF68637B491 for ; Wed, 7 Feb 2001 20:41:04 -0800 (PST)
Received: (from charon@localhost) by gray.westgate.gr (8.11.1/8.11.1) id f184g5d02690; Thu, 8 Feb 2001 06:42:05 +0200 (EET)
Date: Thu, 8 Feb 2001 06:42:05 +0200 (EET)
From: Giorgos Keramidas
To: David Schwartz
Cc: Paul Richards , chat@FreeBSD.ORG
Subject: RE: Laugh: [Fwd: Microsoft Security Bulletin MS01-008]
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Wed, 7 Feb 2001, David Schwartz wrote:
>
> > > - Servers could only be affected if the attacker were given the
> > > ability to load a program of her choice onto the machine and
> > > execute it locally. Best practices recommend against this.
> >
> > You've gotta laugh really, a root compromise exists and the mitigating
> > controls are to not let anyone use the box!
> >
> > Paul.
>
> In fairness to Microsoft, it is best practice not to let attackers access
> your box.

Yes, and in the rare case that an "attacker" is anyone who can log in
interactively on the system console, or upload and run executables on the
server, you should stop your users from "running" programs on the box.

Well, in that case, why not unplug the thing and bury it six feet under, to
prevent users from logging on the system interactively.

Sorry, David, but you missed a point that was being made by Paul here :-)

According to the advisory, anyone who can log in interactively and execute
some program *is* a potential attacker. Kinda limiting to the things an
administrator can allow one's users to do, don't you think?

--giorgos

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message