[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How to block telnet access.
In <m3g101cw5l.fsf@azif.vallinor4.com>, abel@vallinor4.com (Alexander L. Belikoff) writes:
> So?! Just make all SUID binaries mode 4750 belonging to some
> designated group (suid) and make only _trusted_ users members of that
> group. Of course, the untrusted guys will have problems changing
> passwords / running a mail queue on their own, but that is not such a
> big deal as having someone playing with a most recent root shell
> exploit.
What about setgid programs?
Assuming you count them as well, your blanket suggestion also makes
it impossible to do lots of other things beside ``changing passwords /
running a mail queue''.
And it doesn't deal with security holes that don't stem from setuid
applications.
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il