From owner-freebsd-hackers Sun Aug 23 06:03:14 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id GAA14073
          for freebsd-hackers-outgoing; Sun, 23 Aug 1998 06:03:14 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from mail.camalott.com ([208.203.140.2])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA14066
          for ; Sun, 23 Aug 1998 06:03:12 -0700 (PDT)
          (envelope-from joelh@gnu.org)
Received: from detlev.UUCP (tex-111.camalott.com [208.229.74.111])
          by mail.camalott.com (8.8.7/8.8.5) with ESMTP id IAA01901;
          Sun, 23 Aug 1998 08:03:42 -0500
Received: (from joelh@localhost)
          by detlev.UUCP (8.9.1/8.9.1) id IAA09038;
          Sun, 23 Aug 1998 08:01:22 -0500 (CDT)
          (envelope-from joelh)
Date: Sun, 23 Aug 1998 08:01:22 -0500 (CDT)
Message-Id: <199808231301.IAA09038@detlev.UUCP>
To: imp@village.org
CC: dkelly@hiwaay.net, rabtter@aye.net, hackers@FreeBSD.ORG
In-reply-to: <199808230515.XAA18500@harmony.village.org> (message from Warner Losh on Sat, 22 Aug 1998 23:15:56 -0600)
Subject: Re: I want to break binary compatibility.
From: Joel Ray Holveck
Reply-to: joelh@gnu.org
References: <199808220240.VAA16809@nospam.hiwaay.net> <199808230515.XAA18500@harmony.village.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>>> I have a problem with some hackers that are obsessed with making my
>>> ISP's life miserable (they've already hacked our SGI). I've slapped
>>> together a FreeBSD box to throw their webpages on it, turned off all
>>> services except http.
>> While you are at it and breaking binary compatibility for security
>> reasons, make sure you remove stuff a webserver doesn't need such as
>> /usr/include, compilers, manpages, etc. Maybe PicoBSD would be the
>> place to start?
> You are better off NOT breaking binary compatibility to get what you
> want. You would be better served by porting StackGuard to FreeBSD,
> which would give you excellent protection against most stack
> overflows.

I think the idea rabtter had in mind was to keep the intruders from
compiling (or cross-compiling) some random utility from rootshell.com
on another box and ftping it over. There are security holes other
than stack overflows, you know.

Best,
joelh

--
Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan
   Fourth law of programming:
   Anything that can go wrong wi
sendmail: segmentation violation - core dumped