Re: Two questions about task-harden.

To: debian-devel@lists.debian.org
Subject: Re: Two questions about task-harden.
From: Andres Salomon <dilinger@mp3revolution.net>
Date: Fri, 24 Aug 2001 23:27:20 -0400
Message-id: <[🔎] 20010824232720.A27364@mp3revolution.net>
In-reply-to: <[🔎] 20010824125334.A10191@wiggy.net>
References: <[🔎] 20010823211431.A10673@chrystal.opal.dhs.org> <[🔎] 20010823172451.A18861@morgul.net> <[🔎] jvppu9msaem.fsf@grecotha.kendall.akamai.com> <[🔎] 20010824002918.H31276@wiggy.net> <[🔎] 002901c12c4a$29e107a0$b84c5d18@carolina.rr.com> <[🔎] 20010824125334.A10191@wiggy.net>

What difference does it make, whether it's remote or not?  A root 
vulnerability is something that one would want to avoid, as
much as possible.  Task harden's goal is to do that. Imo, it should
veer as much as possible
away from "risky" things; a setuid root sendmail binary is definitely
risky.  There are a few must-have setuid root binaries on a fully
functioning debian system, but sendmail is not among them.  Perfectly
reasonable alternatives, such as postfix (one setgid postdrop binary),
are available.

On Fri, Aug 24, 2001 at 12:53:34PM +0200, Wichert Akkerman wrote:
> 
> Previously Scott K. Ellis wrote:
> > Of course, there is the latest sendmail vunerability that SuSE is reporting.
> 
> It's not a remote one though so the impact is quite limited.
> 
> Wichert.
> 
> -- 
>   _________________________________________________________________
>  /       Nothing is fool-proof to a sufficiently talented fool     \
> | wichert@wiggy.net                   http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
> 

-- 
"Any OS is only as good as its admin, and you obviously suck."
	-- Ian Gulliver, http://orbz.org/mail/mansunix.txt

Reply to:

Follow-Ups:
- Re: Two questions about task-harden.
  - From: Ethan Benson <erbenson@alaska.net>

References:
- Two questions about task-harden.
  - From: Ola Lundqvist <opal@debian.org>
- Re: Two questions about task-harden.
  - From: Noah Meyerhans <noahm@debian.org>
- Re: Two questions about task-harden.
  - From: Brian Sniffen <bts@akamai.com>
- Re: Two questions about task-harden.
  - From: Wichert Akkerman <wichert@wiggy.net>
- Re: Two questions about task-harden.
  - From: "Scott K. Ellis" <scott@debian.org>
- Re: Two questions about task-harden.
  - From: Wichert Akkerman <wichert@wiggy.net>

Prev by Date: Re: Who is a Debian user?
Next by Date: Re: Base & Standard packages Bug Squashing Party
Previous by thread: Re: Two questions about task-harden.
Next by thread: Re: Two questions about task-harden.
Index(es):
- Date
- Thread