On Tue, 23 Jan 2001 20:05:41 +0100 (CET), Bernhard Rosenkraenzer said:

> On Tue, 23 Jan 2001, Albert E. Whale wrote:
>  
>  > Today I found that several unwanted guests have been able to connect via
>  > ftp (not any more!).  I also found some mysterious files 'running' on
>  > the server.  I was able to detect the processes using the monitor
>  > utility (or top).  However, I was UNABLE to find the processes in the ps
>  > -ax output??????  I've never seen this before.  Is this a new exploit?
>  
>  Chances are they replaced your ps with a patched version that doesn't show
>  their stuff.
>  Reinstall the procps package. Better yet, reinstall the system. You never
>  know what else they've done to you.
>  

Isn't RedHat playing with fire and making us play with fire by using software
that is either a regular provider of security problems, i.e. wu-ftpd (what is wrong
with proftpd?), or software that is _structurally_ insecure like sendmail?   By
structurally insecure I mean big setuid root program.  The more code you have
running setuid root the greater the chances a bug will have catastrophic
consequences.   So first step would be to clean up RedHat of a few broken
programs kept in the name of tradition.

I also don't understand why RedHat doesn't use its own excellent lokkit in the
installation.  You just answer a couple of questions, and connections coming from
the Internet will be denied.   In the present state many users don't even know
about this jewel and in addition since the server install does not install X
(worth 2 dollars of disk space) it means you don't get it in the server
install.

Finally I would like to see better access control through RSBAC and the like in
Linux.  The omnipotence of root and the fact far too many programs need to run
as root is a structural security problem in Unix.

                                                        JFM
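The symptom in the quoted report (processes visible in top but missing from ps -ax) is the classic sign of a trojaned ps binary. The script below is an added example, not code from the thread or from the procps package: it cross-checks the numeric entries in /proc (which a userland ps replacement cannot edit) against the PID list ps itself reports, and prints any PID ps fails to show. The function names and the constructed PID lists are this example's own.

```bash
#!/bin/sh
# hidden_pids: print every PID that appears in the first list but not in the second.
# Arg 1: PIDs observed directly in /proc; Arg 2: PIDs reported by ps.
# Both arguments may be separated by spaces or newlines.
hidden_pids() {
    proc_pids=$1
    # Unquoted expansion collapses newlines/runs of spaces to single spaces,
    # so every PID ends up delimited by exactly one space on each side.
    ps_pids=" $(echo $2) "
    for pid in $proc_pids; do
        case "$ps_pids" in
            *" $pid "*) ;;           # ps reported it: nothing to flag
            *) echo "$pid" ;;        # in /proc but absent from ps output
        esac
    done
}

# live_check: gather the two PID lists from the running system and report.
# A process may legitimately exit between the two snapshots, so a PID
# reported here should be re-checked before it is treated as evidence.
live_check() {
    proc_pids=$(ls /proc | grep -E '^[0-9]+$')
    ps_pids=$(ps -e -o pid=)
    for pid in $(hidden_pids "$proc_pids" "$ps_pids"); do
        # Show what the hidden process actually is; /proc/<pid>/exe may be
        # unreadable if the process belongs to another user.
        printf 'PID %s not shown by ps: ' "$pid"
        readlink "/proc/$pid/exe" 2>/dev/null || echo '(exe unreadable or gone)'
    done
}

# Only touch the live system when explicitly asked (./check.sh --live);
# without the flag the file just defines the functions above.
case "${1-}" in
    --live) live_check ;;
esac
```

This only detects a replaced userland ps, which is exactly the case Bernhard describes; a kernel-level rootkit can also filter /proc and would pass this check. Complement it with `rpm -V procps`, which compares the installed binaries against the package database, keeping in mind that an attacker who replaced ps may have tampered with that database as well, which is why the advice to reinstall from known-good media stands.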

_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list