From owner-freebsd-questions  Tue Jan  2 17:52:36 2001
From owner-freebsd-questions@FreeBSD.ORG  Tue Jan  2 17:52:32 2001
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from bryden.apana.org.au (bryden.apana.org.au [203.3.126.129])
	by hub.freebsd.org (Postfix) with ESMTP id 9B23C37B400
	for <questions@FreeBSD.ORG>; Tue,  2 Jan 2001 17:52:25 -0800 (PST)
Received: from dougy (dougy.apana.org.au [203.3.126.131])
	by bryden.apana.org.au (8.11.1/8.11.1) with SMTP id f031j3M19326;
	Wed, 3 Jan 2001 11:45:03 +1000 (EST)
	(envelope-from dougy@bryden.apana.org.au)
Message-ID: <008901c07527$c68a4a60$837e03cb@dougy>
From: "Doug Young" <dougy@bryden.apana.org.au>
To: <JonMS2010@aol.com>, <res02jw5@gte.net>, <questions@FreeBSD.ORG>
References: <62.aa1e4b9.2783dd01@aol.com>
Subject: Re: Security Problem
Date: Wed, 3 Jan 2001 11:52:04 +1000
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_0086_01C0757B.977135A0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.

------=_NextPart_000_0086_01C0757B.977135A0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

There's not much that doesn't have a security hole .... whether known =
ones or ones yet to
be discovered. The thing I like about sudo is that it helps control =
access to who can do
what.  The solution for people that paranoid about security could well =
be to lock the mission
critical machine down well & run services requiring shell access by =
users on a different (and=20
ideally less "mission critical") machine


  ----- Original Message -----=20
  From: JonMS2010@aol.com=20
  To: dougy@bryden.apana.org.au ; res02jw5@gte.net ; =
questions@FreeBSD.ORG=20
  Sent: Wednesday, January 03, 2001 11:40 AM
  Subject: Re: Security Problem


  Sudo has several issues security-wise, many of which are FreeBSD =
related.=20
  However, I will keep this e-mail in my box and will send more =
information=20
  about the security holes, etc. in it when I find some suitable URL's. =
--=20
  Jonathan M. Slivko=20

  --=20
  Jonathan M. Slivko <JonMS2010@AOL.COM>=20
  Website: http://hometown.aol.com/JonMS2010=20
  FreeBSD -- The Power To Serve!=20

  "Microsoft? Is that some kind of toilet paper?"=20
  --=20

------=_NextPart_000_0086_01C0757B.977135A0
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>There's not much that doesn't have a =
security hole=20
.... whether known ones or ones yet to</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>be discovered. The thing I&nbsp;like =
about sudo is=20
that it helps control access to who can do</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>what.&nbsp; The solution for people =
that paranoid=20
about security could well be to lock the mission</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>critical machine down well &amp; run =
services=20
requiring shell access by users on a different (and </FONT></DIV>
<DIV><FONT face=3DArial size=3D2>ideally less "mission critical")=20
machine</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT><FONT face=3DArial =
size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV>
  <DIV=20
  style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: =
black"><B>From:</B>=20
  <A title=3DJonMS2010@aol.com=20
  href=3D"mailto:JonMS2010@aol.com">JonMS2010@aol.com</A> </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A =
title=3Ddougy@bryden.apana.org.au=20
  =
href=3D"mailto:dougy@bryden.apana.org.au">dougy@bryden.apana.org.au</A> =
; <A=20
  title=3Dres02jw5@gte.net =
href=3D"mailto:res02jw5@gte.net">res02jw5@gte.net</A> ;=20
  <A title=3Dquestions@FreeBSD.ORG=20
  href=3D"mailto:questions@FreeBSD.ORG">questions@FreeBSD.ORG</A> </DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Wednesday, January 03, =
2001 11:40=20
  AM</DIV>
  <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> Re: Security =
Problem</DIV>
  <DIV><BR></DIV><FONT face=3Darial,helvetica><FONT lang=3D0 =
face=3DTahoma size=3D2=20
  FAMILY=3D"SANSSERIF">Sudo has several issues security-wise, many of =
which are=20
  FreeBSD related. <BR>However, I will keep this e-mail in my box and =
will send=20
  more information <BR>about the security holes, etc. in it when I find =
some=20
  suitable URL's. -- <BR>Jonathan M. Slivko <BR><BR>-- <BR>Jonathan M. =
Slivko=20
  &lt;<A href=3D"mailto:JonMS2010@AOL.COM">JonMS2010@AOL.COM</A>&gt; =
<BR>Website:=20
  <A=20
  =
href=3D"http://hometown.aol.com/JonMS2010">http://hometown.aol.com/JonMS2=
010</A>=20
  <BR>FreeBSD -- The Power To Serve! <BR><BR>"Microsoft? Is that some =
kind of=20
  toilet paper?" <BR>--</FONT> </FONT></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0086_01C0757B.977135A0--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message