Date: Thu, 22 Feb 2001 13:47:03 -0800 From: Kris Kennaway <kris@obsecurity.org> To: Marc Rassbach <marc@milestonerdl.com> Cc: Michael Richards <michael@fastmail.ca>, Cy.Schubert@uumail.gov.bc.ca, freebsd-security@FreeBSD.ORG Subject: Re: Bind problems Message-ID: <20010222134703.A7745@mollari.cthul.hu> In-Reply-To: <Pine.BSF.4.21.0102221521280.11103-100000@tandem.milestonerdl.com>; from marc@milestonerdl.com on Thu, Feb 22, 2001 at 03:22:55PM -0600 References: <3A9578A6.000055.93744@frodo.searchcanada.ca> <Pine.BSF.4.21.0102221521280.11103-100000@tandem.milestonerdl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ikeVEW9yuYc//A+q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Feb 22, 2001 at 03:22:55PM -0600, Marc Rassbach wrote: > Or, you may have been running -u bind -g bind and that works to keep the > lid on things. (Unless the security team knows that -u -g on bind 8 > doesn't help.) Well, it doesn't really help, because it still gives the attacker an account on your system, which they can use to bootstrap to root if you have an unpatched local root hole. Even running in a chroot or jail only goes so far, because they can still run arbitrary code on the system as that user and use it to e.g. launch DDoS attacks, run an rc5des client, you name it :) Kris --ikeVEW9yuYc//A+q Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE6lYjXWry0BWjoQKURAl3mAJ0Z+kDhZNl/nu3OMDFEf+bFtEEliQCgp+6J y5/7S+BOOmDlPayKS9jFDeQ= =mOAv -----END PGP SIGNATURE----- --ikeVEW9yuYc//A+q-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010222134703.A7745>