Date:      Wed, 18 Nov 1998 09:39:56 -0800 (PST)
From:      Marc Slemko <marcs@znep.com>
To:        Garance A Drosihn <drosih@rpi.edu>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure? & sendmail changes in OpenBSD 2.4
Message-ID:  <Pine.BSF.4.05.9811180936570.19474-100000@alive.znep.com>
In-Reply-To: <v0401170fb2779962d724@[128.113.24.47]>


On Tue, 17 Nov 1998, Garance A Drosihn wrote:

> At 2:14 PM -0600 11/17/98, William McVey wrote:
> >Cliff Skolnick wrote:
> >>  I am more concerned about stand alone daemons like sendmail,
> >>  syslog, apache, etc.
> >
> > Most of these services could easily be modified to start from
> > inetd as wait services.  Basically, inetd does the port binding,
> > setuid-ing, and execing, just like it always does.  As I've
> > mentioned before, sendmail can definitely run in this manner.
> > So could most web servers.
> 
> Seems to me the performance implications for web serving are
> not very attractive.  In my case I just go with a minimalist
> web server (not apache, I think the name is just "thttpd")
> to reduce the security exposure.  (well, it reduces the
> feature set too, of course, but I don't need the missing
> features).

You may think that going with a minimalist so-called secure program gives
you an advantage, but that isn't necessarily the case.  With thttpd, for
example, when I took a look at it a few months ago it didn't take more
than a few minutes to figure out how it can be used to read any file on
the system that the user running it has access to.

That is now fixed in the current version, but if five minutes found that,
who knows what actually sitting down and seriously trying to find holes
would do.  It is also possible for any user that can write content to
block the entire server from working for anyone.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message


