At 07:47 17/01/01 +0100, Walter W. Hop wrote: > > The exploit managed to start inetd, camped on the specified port > >I guess, if it doesn't exist already, that it wouldn't be so hard to >create a small patch to the kernel, so that only processes owned by root, >or a certain group of users (let's say "daemon"), were allowed to set up >listeners... just make IPPORT_RESERVED equal to 65535:) but then how will he be able to run an unprivileged http server? As it was said before, trying to change permissions, delete unnecessary binaries is just to much work for not much benefit. that thing called "minimalism" has simply failed to be of a real usefulness (I am exagerating a bit, but the truth is not elsewhere). it's like saying "don't let us have a knife at home, in case a thief gets in". but then you're just frustrating yourself. real attackers come with their own tools. regards, mouss To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-hackers" in the body of the message
- Protections on inetd (and /sbin/* /usr/sbin/* in gene... Michael R. Wayne
- Re: Protections on inetd (and /sbin/* /usr/sbin/... Dima Dorfman
- Re: Protections on inetd (and /sbin/* /usr/sbin/... Walter W. Hop
- Re: Protections on inetd (and /sbin/* /usr/s... Peter Pentchev
- Re: Protections on inetd (and /sbin/* /u... David Malone
- Re: Protections on inetd (and /sbin/... Peter Pentchev
- Re: Protections on inetd (and /sbin/* /u... Aleksandr A.Babaylov
- Re: Protections on inetd (and /sbin/... mouss
- Re: Protections on inetd (and /... Matt Dillon
- Re: Protections on inetd (a... Dag-Erling Smorgrav
- Re: Protections on inetd (and /sbin/* /usr/s... mouss
- Re: Protections on inetd (and /sbin/* /usr/sbin/... Daniel C. Sobral
- Re: Protections on inetd (and /sbin/* /usr/sbin/... Gordon Tetlow
- Re: Protections on inetd (and /sbin/* /usr/s... Dag-Erling Smorgrav
- Re: Protections on inetd (and /sbin/* /u... Tony Finch
- Re: Protections on inetd (and /sbin/... Dag-Erling Smorgrav
- Re: Protections on inetd (and /... Andy Farkas
