From: Ben Ford <ben@kalifornia.com>
To: ttel5535@artax.karlin.mff.cuni.cz, linux-kernel@vger.kernel.org
Subject: Re: [OFFTOPIC] Re: [PATCH] Single user linux
Date: Tue, 24 Apr 2001 22:26:05 -0700
Message-ID: <3AE65FED.5080407@kalifornia.com>
In-Reply-To: <Pine.LNX.4.21.0104241508370.11387-100000@artax.karlin.mff.cuni.cz>
Tomas Telensky wrote:
<snip>
>But, what I should say to the network security, is that AFAIK in most
>Linux distributions the standard daemons (httpd, sendmail) are run as
>root! Having multi-user system or not! Why? For only listening to a port
><1024? Is there any elegant solution?
>
Yes, most daemons have the ability to switch user ID once they have
bound to the port. Additionally, support is starting to show up for
capabilities. I know that ProFTPD has support. Now, assuming it is
running on a newer kernel, it never needs to be root, because it has
been granted the capability to open a low port. Even if it is cracked,
it cannot do other things like . . . insert a kernel module, . . .
overwrite /etc/passwd . . . . . etc
-b
--
Three things are certain:
Death, taxes, and lost data
Guess which has occurred.
- - - - - - - - - - - - - - - - - - - -
Patched Micro$oft servers are secure today . . . but tomorrow is another story!