On Friday 09 November 2001 09:24, you wrote:
> On Fri, 9 Nov 2001, Robert Davies wrote:
> > On Thursday 08 November 2001 22:32, you wrote <arrrghh!!! who wrote! :P>
> >
> IMO, the most important point to make is that of privileges. If you
> carefully set these things up as a dedicated (non-root) user then there's
> a lot less damage these exploits can do :) Further, if you apply kernel
True, but you do get into problems if you have set non-root uid programs,
which need sometimes to be run by root (that's insecure).
I think I remember an lpd set up which tried to use SGUID and group spool
directories and things, but IIRC there was a subtle gotcha there too, and
there ended up being a CERT on it.
Rob
This archive was generated by hypermail 2.1.3 : Thu 22 Nov 2001 - 13:19:30 GMT