Date: Wed, 17 Jan 2001 21:56:11 +0100
From: mouss <usebsd@free.fr>
To: "Walter W. Hop" <walter@binity.com>, "Michael R. Wayne" <wayne@staff.msen.com>
Cc: hackers@FreeBSD.ORG
Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general)
Message-ID: <4.3.0.20010117213727.04b0be20@pop.free.fr>
In-Reply-To: <19357397493.20010117074723@binity.com>
References: <200101170335.WAA18537@manor.msen.com> <200101170335.WAA18537@manor.msen.com>
At 07:47 17/01/01 +0100, Walter W. Hop wrote:
> > The exploit managed to start inetd, camped on the specified port
>
> I guess, if it doesn't exist already, that it wouldn't be so hard to
> create a small patch to the kernel, so that only processes owned by root,
> or a certain group of users (let's say "daemon"), were allowed to set up
> listeners...

Just make IPPORT_RESERVED equal to 65535 :)

But then how will he be able to run an unprivileged http server?

As was said before, trying to change permissions and delete unnecessary binaries is just too much work for not much benefit. That thing called "minimalism" has simply failed to be of any real use (I am exaggerating a bit, but the truth is not elsewhere). It's like saying "don't let us have a knife at home, in case a thief gets in". But then you're just frustrating yourself. Real attackers come with their own tools.

regards,
mouss
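The reserved-port boundary that mouss jokes about is the only kernel-side "who may listen" control a stock system has: bind() below IPPORT_RESERVED (1024 in <netinet/in.h>) needs root, anything above is open to any uid. The probe below is an added illustration, not code from the thread or from FreeBSD; it tries real binds on the loopback address as whatever uid runs it and, separately, models the boundary as a parameter so the effect of moving it to 65535 on an unprivileged http server can be seen without patching a kernel. The `boundary` argument and the outcome labels ("ok", "denied", "in-use") are this example's own conventions, and the port list in `main` is constructed for the demonstration.

```python
import os
import socket
import errno

# Value of IPPORT_RESERVED in <netinet/in.h> on BSD-derived (and Linux)
# systems: a process needs root (or CAP_NET_BIND_SERVICE on Linux) to bind
# a TCP/UDP port numbered below it.  Assumed here as the default boundary.
IPPORT_RESERVED = 1024


def is_reserved(port: int, boundary: int = IPPORT_RESERVED) -> bool:
    """True if `port` lies in the privileged range the kernel protects.

    Port 0 is a request for an ephemeral port, not a reserved port,
    so it is never classed as reserved.
    """
    return 0 < port < boundary


def bind_outcome(port: int, host: str = "127.0.0.1") -> str:
    """Attempt a TCP bind on `port` as the current uid and report the result.

    Returns "ok" on success, "denied" for EACCES (the reserved-port check),
    "in-use" for EADDRINUSE, otherwise "error:<errno>".  The socket is closed
    immediately, so nothing is left listening behind the probe.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return "ok"
    except OSError as exc:
        if exc.errno == errno.EACCES:
            return "denied"
        if exc.errno == errno.EADDRINUSE:
            return "in-use"
        return "error:%s" % exc.errno
    finally:
        s.close()


def unprivileged_ports_left(boundary: int) -> int:
    """How many ports an unprivileged server could still bind if the
    reserved range were widened to [1, boundary).  With boundary == 65535
    only port 65535 remains, which is the point of mouss's joke."""
    return max(0, 65535 - boundary + 1)


def probe(ports, boundary: int = IPPORT_RESERVED):
    """Map each port to (reserved-under-this-boundary, observed bind outcome)."""
    return {p: (is_reserved(p, boundary), bind_outcome(p)) for p in ports}


def main():
    # Constructed sample: two ports below the default boundary, two above.
    sample_ports = [80, 1023, 1024, 8080]
    print("running as uid %d" % os.geteuid())
    for port, (reserved, outcome) in probe(sample_ports).items():
        print("port %5d reserved=%-5s bind=%s" % (port, reserved, outcome))
    for boundary in (IPPORT_RESERVED, 65535):
        print("boundary %5d: %5d ports bindable without root"
              % (boundary, unprivileged_ports_left(boundary)))


if __name__ == "__main__":
    main()
```

Run it once as an ordinary user and once as root: the low ports flip from "denied" to "ok" while the high ones stay "ok" either way, which is exactly the split Walter's proposed patch would remove and mouss's objection depends on. On Linux the boundary is also tunable at runtime through net.ipv4.ip_unprivileged_port_start, so the same probe shows the effect of lowering it.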