LFS security problem: break-in

Jesse Tie Ten Quee highos at highos.com
Wed Aug 16 21:44:10 PDT 2000


Yo,

On Wed, 16 Aug 2000, Paul Jensen wrote:
> i wonder if there is a way verify the files all the back to the source?  

Apart from checking them once in a while and making sure everything is
cool *diff!*
 
> i don't think that just running http is going to prevent hacks.  New York
> times, FBI, CIA and Slashdot sites have been cracked.  perhaps using stack
> guard which must be compiled into all your programs might be the way to
> go.  if a buffer overflow occurs, the daemon just dies - no root access
> occurs.  

Aye, one could do that, allthough http is *a lot* more safe then ftp, imho

> the other defense (lids.org) employees a kernel patch that prevents the
> modification on binary files even by root.  this might be good for a
> public server that is getting attacked daily.

Didn't someone mention this.. attrib +i? or something; allthough
"primitive" it seems ala KISS.........

Seriously though, one has to find the balance between security and
usability.

If your looking for a secure box, don't run any services nor have any user
accounts... isn't usually usefull, eh? ;)

-
Jesse Tie Ten Quee - highos at highos dot com

--
Mail archive: http://www.pcrdallas.com/mail-archives/lfs-discuss
IRC access: server: irc.linuxfromscratch.org port: 6667 channel: #LFS
Unsubscribe: email lfs-discuss-request at linuxfromscratch.org and put
"unsubscribe" (without the quotation marks) in the body of the message
(no subject is required)



More information about the lfs-dev mailing list