Re: ?-able packages for a firewall.
So do you think we can do away with bsdutils altogether without any
Henry Hollenberg firstname.lastname@example.org
On Wed, 4 Mar 1998, Bernd Eckenfels wrote:
> > I was told that /usr/bin/script was dangerous to leave on a firewall and
> > so planned to delete it by hand it the bsdutils were installed.
> No Program running without special priveleges is especially dangerous on a
> firewall. You have to watch:
> a) running priveleged programs (with interaction to the world)
> inetd, smtpd, apache...
> b) programs which get called often from priveleged programs
> login, perl, ...
> b2) programs which get called often from unpriveleged programs
> (i dont think you can call any process on a firewall unpriveleged, even user
> nobody can list the process table for example. Since Linux is no A- or B-
> Level OS, you can ignore those kind of tools.
> c) programs which are suid
> c1) and needed: bad thing, avoid
> c2) and not needed for operation: remove
> d) programs which are not needed for operation
> These are no security risks itself. Removing them will only give u:
> d1) smaller system
> d2) harder for hackers to work on a hacked host
> Script is not suid and never used, therefore it is a class d) program.
> (there might be systems where script is sgid tty or something like that, but
> I cant remeber any).
> > also had a concern about /usr/bin/logger but thought removing this might
> > break sysklogd.....should it be left alone?
> No, it will not break syslogd, but it will break a few shell scripts which
> log their actions. Its a class b) program i think. Or d) if you remove the
E-mail the word "unsubscribe" to email@example.com
TO UNSUBSCRIBE FROM THIS MAILING LIST. Trouble? e-mail to firstname.lastname@example.org .