Date: 19 Jan 2001 23:35:10 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Matt Dillon <dillon@earth.backplane.com> Cc: mouss <usebsd@free.fr>, "Aleksandr A.Babaylov" <babolo@links.ru>, roam@orbitel.bg (Peter Pentchev), walter@binity.com, wayne@staff.msen.com, hackers@FreeBSD.ORG Subject: Re: Protections on inetd (and /sbin/* /usr/sbin/* in general) Message-ID: <xzpzognrx0h.fsf@flood.ping.uio.no> In-Reply-To: Matt Dillon's message of "Fri, 19 Jan 2001 12:34:15 -0800 (PST)" References: <20010117103330.L364@ringworld.oblivion.bg> <4.3.0.20010117215944.04b10ae0@pop.free.fr> <200101192034.f0JKYFW97724@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Matt Dillon <dillon@earth.backplane.com> writes: > The real problem here is the CGI script / server-side design allowing > the breakin in the first place. That's not a fixable problem when the customer is meant to provide his own scripts. I've worked on such a scenario before; we managed to chroot the scripts so we're reasonably confident that they can't do much harm except to themselves. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpzognrx0h.fsf>