Bugtraq mailing list archives
Re: EMERGENCY: new remote root exploit in UW imapd
From: angio () AROS NET (Dave Andersen)
Date: Tue, 21 Jul 1998 14:14:30 -0600
Lo and behold, Allanah Myles once said:
The traditional argument is that "with the way things currently are, it may be nearly impossible to redesign services to not require privileges." Well, then, if you want a secure system, be prepared to build one---from scratch, if need be. Perhaps even the existing notion of UNIX-based privileges is insufficient for any real security - design a better model, and implement it.
Other people have argued this point far better than I'm willing to in a short mail message, so I'll just point out a pretty good reference. This is mostly in the arena of research, not available products, so if you're looking for a quick fix, hit "delete" now. :)

TIS (now "TIS labs at Network Associates" if we want to be formal. :-) has a great paper entitled "Confining Root Programs with Domain Type Enforcement". One major premise of the paper is that your root programs are likely to experience problems and compromises, so the best way to get around that is by reducing the spread of what those "root" programs can do. Similar arguments have been made for years on the least privilege front, so I'll leave that side of things alone.

http://www.tis.com/research/secure/compsys.html

-Dave

--
angio () aros net <-- play
danderse () cs utah edu <-- work