From owner-freebsd-hackers  Fri Aug 21 18:48:32 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA03730
          for freebsd-hackers-outgoing; Fri, 21 Aug 1998 18:48:32 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from gimli.cs.uct.ac.za (gimli.cs.uct.ac.za [137.158.128.24])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA03725
          for <hackers@freebsd.org>; Fri, 21 Aug 1998 18:48:29 -0700 (PDT)
          (envelope-from mwest@gimli.cs.uct.ac.za)
Received: from mwest (helo=localhost)
	by gimli.cs.uct.ac.za with local-smtp (Exim 1.92 #1)
	id 0zA2md-0004b5-00; Sat, 22 Aug 1998 03:47:59 +0200
Date: Sat, 22 Aug 1998 03:47:58 +0200 (SAST)
From: Matthew West <mwest@cs.uct.ac.za>
To: "B. Richardson" <rabtter@aye.net>
cc: Cc:  ;
Subject: Re: I want to break binary compatibility.
Message-ID: <Pine.BSF.3.96.980822032507.14475A-100000@gimli.cs.uct.ac.za>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

B. Richardson wrote:

> I have a problem with some hackers that are obsessed with making my
> ISP's life miserable (they've already hacked our SGI). I've slapped
> together a FreeBSD box to throw their webpages on it, turned off all
> services except http.
[snip]
> What I want to do, if possible is build a uniq system such that binaries
> from other systems will not run on it and vice versa. Is this possible?

You can achieve pretty much the same effect by mounting /home and /tmp
noexec.

Additionally, do a search for suid files and remove any that are not
necessary: 

# find / -perm \( -perm -u+s -or -perm -g+s \) -print

(or take the section from /etc/security).

--mwest@cs.uct.ac.za
  http://www.cs.uct.ac.za


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message