Date: Thu, 11 Jun 1998 13:23:06 -0700
From: "Jordan K. Hubbard" <jkh@time.cdrom.com>
To: jbryant@unix.tfs.net
Cc: njs3@doc.ic.ac.uk (Niall Smart), freebsd-hackers@FreeBSD.ORG
Subject: Re: [Fwd: Secure Ping 1.0]
Message-ID: <3902.897596586@time.cdrom.com>
In-Reply-To: Your message of "Thu, 11 Jun 1998 15:01:22 CDT." <199806112001.PAA22953@unix.tfs.net>

> the original "secure-ping" idea presented is useful for preventing
> abuse by the casual unix user. anyhow, what kind of idiot keeps a
> compiler user-accessible in an untrusted environment?!

Perhaps the kind of idiot who also knows that it makes about as much sense to "secure" a system that way as it does to install a locking door on a cardboard shack. :-)

There are enough free shell accounts given out on the net that any reasonably determined newbie cracker can compile something somewhere else or just use the copy of PERL which is invariably found somewhere to do socket manipulation.

You can't really control the creation or importation of strange executables onto your system, but what you can control is the execute bit itself. My first intro to this was what Paul Vixie first did on gatekeeper.dec.com - joblow could log in and FTP over all the ICMP killers they wanted, but any attempts to chmod them executable would just be silently ignored - it was blocked at the syscall level. I also believe there it was a kernel variable he could just set and unset with the debugger to turn this off when he himself needed to install something, but FreeBSD could probably more effectively key off the secure level and have "no new execs" as a kernel option to go along with a securelevel > 1, or something.

- Jordan

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message