Firewall Wizards mailing list archives
Re: chroot useful?
From: Rick Murphy <rmurphy () itm-inst com>
Date: Mon, 17 Nov 1997 06:01:34 -0500
At 07:12 PM 16/11/97 +1100, Darren Reed wrote: Why not ask them. Many claim to run "hardened" versions of BSD or LINUX. Vulnerabilites and exploits are well publicized, and many of the developers read these lists. I doubt many are going to be so arrogant as to take a NIH approach to something Marcus has contributed to the state of the technology ;-)
The problem with this "hardening" claim is that there's usually no detail to back up what the hardening really is. Some tighten down the IP stack (adding spoof detection, additional alarming). Some tighten down the OS environment (fixing known bugs, removing unnecessary programs and removing suid bits where appropriate). Some do both. Neither of these are IMHO a "hardened OS" environment - what MJR and others are talking about, however, is a lot closer to "hardened". You're changing the operation of the underlying OS to disallow some forms of attack. I only know the details of a couple of firewall products well enough to say that the "hardened OS" really isn't - are there any products that actually dip down into the kernel and make changes to the overall environment to make the system less vulnerable to attack? -Rick
Current thread:
- Re: chroot useful?, (continued)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Paul McNabb (Nov 14)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Steven M. Bellovin (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 15)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Anton J Aylward (Nov 16)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Rick Murphy (Nov 17)
- Hardening, (was Re: chroot useful?) Marcus J. Ranum (Nov 20)
- Re: Hardening, (was Re: chroot useful?) Paul D. Robertson (Nov 21)
- Re: chroot useful? C. Harald Koch (Nov 20)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Wolfgang Ley (Nov 16)
- Re: chroot useful? Darren Reed (Nov 16)
- Re: chroot useful? Aleph One (Nov 17)
- syscall wrappers (was Re: chroot useful?) Bennett Todd (Nov 17)
- Re: syscall wrappers (was Re: chroot useful?) George Ross (Nov 20)