[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to block telnet access.



In <m3g101cw5l.fsf@azif.vallinor4.com>, abel@vallinor4.com (Alexander L. Belikoff) writes:

> So?! Just make all SUID binaries mode 4750 belonging to some
> designated group (suid) and make only _trusted_ users members of that
> group. Of course, the untrusted guys will have problems changing
> passwords / running a mail queue on their own, but that is not such a
> big deal as having someone playing with a most recent root shell
> exploit.

What about setgid programs?

Assuming you count them as well, your blanket suggestion also makes
it impossible to do lots of other things beside ``changing passwords / 
running a mail queue''.

And it doesn't deal with security holes that don't stem from setuid
applications.


=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il