| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: Most Unsecure OS? Yep, It`s Linux |
From: Mike '/m'

There are programs in UNIX that need to, say, open a port <1024. On UNIX the rule is that you need to be root in order to open a port under 1024. So the entire program ran at root level all the time.

The OpenBSD team are going through all the binaries and fixing the programs so that the amount of time they run as root is only the time necessary to perform the privileged operations, then the privilege of the program is dropped to that of a mere user.

For example, when I connect to my server using ssh, the daemon on the server spawned a process that ran as root and did the ssh stuff for me. Now, the daemon on the server spawns a process with the privilege level of my account.

Lots of other areas are being modified in this manner.

Another neat feature is the systrace command. This effectively applies access-control lists to system calls.

http://www.openbsd.org/cgi-bin/man.cgi?query=systrace&sektion=1

/m

On Sat, 30 Nov 2002 18:57:14 -0500, "Robert Comer" wrote:

>>...privilege reduction arena.
>
>?
>
>- Bob Comer
>
>
>"Mike '/m'" wrote in message
>news:shjiuucoiq77f2hk45mvtova3pu24sp2ia{at}4ax.com...
>> On Sat, 30 Nov 2002 16:38:00 -0500, "Robert Comer"
>> wrote:
>>
>> >> My point was, that open/closed source leaves the average Joe in the same
>> >> situation - neither one is automagically more secure than the other.
>> >
>> >And I agree with that point.
>> >
>>
>> On the other hand, the OpenBSD folk have done and are doing some very
>> nice work in the privilege reduction arena.
>>
>> /m
>>
>> >
>> >"Antti Kurenniemi" wrote in message
>> >news:3de8fdc4$1{at}w3.nls.net...
>> >> "Robert Comer" wrote in message
>> >> news:3de8eeef{at}w3.nls.net...
>> >> > > Provided that I am good enough at programming to even find
>> >> > > what's wrong, let alone to understand the fix.
>> >> >
>> >> > You seem like you are to me, but if you aren't that's okay too, find
>> >> > someone you trust and get them to test it if you don't trust it.
>> >>
>> >> My point was, that open/closed source leaves the average Joe in the same
>> >> situation - neither one is automagically more secure than the other.
>> >>
>> >>
>> >> Antti Kurenniemi
>> >>
>> >
>

--- BBBS/NT v4.01 Flag-4
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45)
SEEN-BY: 3/2 10 106/1 120/544 123/500 379/1 633/260 267 270 285 774/0 605
SEEN-BY: 2432/200 7105/1
@PATH: 379/1 106/1 123/500 774/605 633/260 285 267
|
| SOURCE: echomail via fidonet.ozzmosis.com | |