l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2002 Jun 12 14:56

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Who opened the floodgates?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Who opened the floodgates?



Quoting Micah Cowan (micah@cowan.name):

> Very true. However, the principle is still the same - no program can
> be 100% gauranteed safe code (especially, as in some unfortunate
> circumstances, the fault was glibc's, and not the program proper), so
> treat root privileges like burning hot metal.

Indeed, I commend you on that general point, which was well stated.  I
was speaking only to the specific examples you cited (sendmail, BIND).

>> It should be noted that the root user can break out of any chroot
>> environment, pretty trivially.
> 
> Boy, that kinda defeats the purpose of chroot(), doesn't it?

Well, no.  Many processes don't need root (or equivalent) authority to
run, and yet you might wish to restrict their directory access.

-- 
Cheers,      "On the face of it, Microsoft complaining about the source license 
Rick Moen    used by Linux is like the event horizon calling the kettle black."
rick@linuxmafia.com             -- Adam Barr, former Microsoft Corp. programmer
_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!