Bugtraq mailing list archives
Re: UnixWare
From: mengel () dcdmwm fnal gov (Marc W. Mengel)
Date: Tue, 26 Apr 94 17:07:12 -0600
In <9404261140.AA06990 () snark imsi com> you write:

Carl Corey says:
> I am currently in the position of allowing public access to a 486 running
> UnixWare. Does anyone have a list of bugs that affect it? The system will
> be accessible via dialup _and_ tcp ... If anyone has information regarding
> what bugs it has, and what version they are fixed in (or patch IDs, etc)
> ... please e-mail me or post to the list. Thanks.

In general, it's safer to plan a system to be as inherently secure as possible rather than trying to chase the bugs as they arise.

I'll add to this my (perhaps too often repeated) suggestion to set the machine up with as few things running as root as possible. Mailers should run as "uucp" or "daemon" and be group mail; ps and friends should be setgid kmem and /dev/kmem should be group kmem; very few things, if any, in inetd.conf should be running as root. (One notices, for example, that most of the services in most inetd.conf files run as root, but other than those that need to authenticate and log in users (i.e. telnetd, ftpd, etc.) hardly any of them need to be...) So if anyone breaks your finger daemon, and finger runs as "nobody", they can't do much.

-marc
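One way to check an inetd.conf against the advice in the message above, as an added example that is not part of the original post: it lists every service whose user field is root, apart from a short allowlist. The allowlist contents, the function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag inetd.conf entries that run as root without being
# on a list of services that must authenticate and log in users.

# Assumption: service names allowed to run as root. The message names
# telnetd and ftpd; extend this list to match your own policy.
ROOT_OK="telnet ftp"

# Reads inetd.conf on stdin; prints "service server_path" for each
# root-run entry that is not in ROOT_OK.
# Fields: service socket proto wait user[.group] server args...
audit_inetd() {
    awk -v ok="$ROOT_OK" '
        BEGIN { n = split(ok, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
        /^[ \t]*#/ || NF < 6 { next }    # skip comments, blanks, short lines
        {
            user = $5
            sub(/[.:].*$/, "", user)     # drop optional group suffix
            if (user == "root" && !($1 in allowed))
                print $1, $6
        }'
}

# Constructed sample input, not taken from any real host.
sample_conf() {
cat <<'EOF'
# service socket proto wait   user     server                args
ftp     stream tcp   nowait root     /usr/sbin/in.ftpd     in.ftpd
telnet  stream tcp   nowait root     /usr/sbin/in.telnetd  in.telnetd
finger  stream tcp   nowait nobody   /usr/sbin/in.fingerd  in.fingerd
systat  stream tcp   nowait root     /usr/bin/ps           ps -ef
tftp    dgram  udp   wait   root     /usr/sbin/in.tftpd    in.tftpd -s /tftpboot

comsat  dgram  udp   wait   root.tty /usr/sbin/in.comsat   in.comsat
EOF
}

sample_conf | audit_inetd
```

Run it against a live file with `audit_inetd < /etc/inetd.conf`; each line printed is a candidate for moving to an unprivileged user such as "nobody".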