Date: Sun, 23 Aug 1998 08:01:22 -0500 (CDT) From: Joel Ray Holveck <joelh@gnu.org> To: imp@village.org Cc: dkelly@hiwaay.net, rabtter@aye.net, hackers@FreeBSD.ORG Subject: Re: I want to break binary compatibility. Message-ID: <199808231301.IAA09038@detlev.UUCP> In-Reply-To: <199808230515.XAA18500@harmony.village.org> (message from Warner Losh on Sat, 22 Aug 1998 23:15:56 -0600) References: <199808220240.VAA16809@nospam.hiwaay.net> <199808230515.XAA18500@harmony.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
>>> I have a problem with some hackers that are obsessed with making my >>> ISP's life miserable (they've already hacked our SGI). I've slapped >>> together a FreeBSD box to throw their webpages on it, turned off all >>> services except http. >> While you are at it and breaking binary compatibility for security >> reasons, make sure you remove stuff a webserver doesn't need such as >> /usr/include, compilers, manpages, etc. Maybe PicoBSD would be the >> place to start? > You are better off NOT breaking binary compatibility to get what you > want. You would be better served by porting StackGuard to FreeBSD, > which would give you excellent protection against most stack > overflows. I think the idea rabtter had in mind was to keep the intruders from compiling (or cross-compiling) some random utility from rootshell.com on another box and ftping it over. There are security holes other than stack overflows, you know. Best, joelh -- Joel Ray Holveck - joelh@gnu.org - http://www.wp.com/piquan Fourth law of programming: Anything that can go wrong wi sendmail: segmentation violation - core dumped To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199808231301.IAA09038>