Bugtraq mailing list archives
Re: UnixWare
From: mcn () nostromo c3 lanl gov (Michael Neuman)
Date: Wed, 27 Apr 1994 08:11:22 -0600 (MDT)
Carl Corey says:I have everything secured as far as that goes. I have set all permissions, regulated suid files, I have tcpwrapper and tripwire running, I also run a slightly modified COPS weekly, mailing any diff to me.This is NOT what I meant. I explicitly mean that you should go beyond simply leaving the machine as shipped and should actively remove existing SUID facilities to the extent possible and change all persistant system processes to run unprivileged if at all possible. I do not merely mean "regulating" SUID facilities. I really mean actively yanking them out and replacing them with non-SUID facilities. I also mean eliminating openings like world writable utmp files, devices, etc. If you do enough of that, you make your system inherently secure.
Huh? You go ahead and belive that. Personally, I can think of all sorts of security flaws at the kernel level that have NOTHING to do with setuid programs. (And then, I can also think of a few associated with programs that CAN'T be run non-setuid). Basically, the only solution is to keep up with the current bugs and install the latest patches, make as many things non-setuid as possible, and watch out for permission problems. For the latter two, Cops can help termendously. For the former, something better than bugtraq is needed. CERT reacts far too slowly to reported holes. I'd much rather shut down some functionality on my system to wait for a patch than leave systems wide open while waiting for a report to come from CERT. -Mike
Current thread:
- Re: UnixWare Carl Corey (Apr 26)
- Re: UnixWare Perry E. Metzger (Apr 27)
- Re: UnixWare Michael Neuman (Apr 27)
- Re: UnixWare Gene Spafford (Apr 27)
- Re: UnixWare a.e.mossberg (Apr 28)
- Re: UnixWare Gene Spafford (Apr 28)
- Re: UnixWare David A. Curry (Apr 28)
- HP's security stance (was Re: UnixWare) Bennett Todd (Apr 28)
- Re: HP's security stance (was Re: UnixWare) Gene Spafford (Apr 28)
- Re: UnixWare Christopher Klaus (Apr 28)
- Re: UnixWare Gene Spafford (Apr 28)
- Re: UnixWare Michael Neuman (Apr 27)
- Re: UnixWare Perry E. Metzger (Apr 27)
- <Possible follow-ups>
- Re: UnixWare Carl Corey (Apr 27)
- Re: UnixWare der Mouse (Apr 27)