[6892] in bugtraq
Re: First patch :)
daemon@ATHENA.MIT.EDU (Peter van Dijk)
Mon Jun 1 16:46:17 1998
Date: Sat, 30 May 1998 13:24:19 +0200
Reply-To: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
From: Peter van Dijk <peter@ATTIC.VUURWERK.NL>
X-To: Chris Evans <chris@FERRET.LMH.OX.AC.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.3.95.980530002840.10527A-100000@ferret.lmh.ox.ac.uk>

On Sat, 30 May 1998, Chris Evans wrote:
> Hi,
>
> The "ruid" idea and prevent exec/fork of suid programs, is a nice idea but
> is really security through obscurity.
[snip]
> syscall chmod 666 /etc/passwd

You got a point there, but there are two things to remember:
- no system is secure... anything that helps, helps.
- it _will_ stop script kiddies, as most exploits seem to be based on
  'standard shellcode by Aleph One'.

And stopping script kiddies is a _big_ part of the job. Most of the
systems I've seen hacked were hacked with your average rootshell exploit.

Greetz, Peter.
---------------------------------------------------------------------------
'Selfishness and separation have led me to . Peter 'Hardbeat' van Dijk
to believe that the world is not my problem . network security consultant
I am the world. And you are the world.' . (yeah, right...)
Live - 10.000 years (peace is now) . peter@attic.vuurwerk.nl
---------------------------------------------------------------------------
1:22pm up 4 days, 20:48, 3 users, load average: 1.40, 0.72, 0.30
---------------------------------------------------------------------------