
Re: Linuxtag



On Sun, 28 Apr 2002 01:50, Joerg Jaspert wrote:
> > Someone who breaks it will only be able to run "ls" and can't write to
> > any file.  The only raised privilege level of the FTP server is the
> > ability to log to syslog.
>
> Hmm, muddleftpd is out then. It has its own logging :)

I could easily change the policy to allow it to create files under /var/log, 
have them automatically transition to a new type that is only writable by the 
FTP server and then only allow it append access (not write, truncate, or 
delete).  That would be about 5 minutes' work.

> > One of my future plans is to write some sample exploitable programs and
> > exploit programs for them, then I can demonstrate how such programs allow
> > root exploits on unprotected systems but don't allow anything on SE
> > systems.
>
> Hmm, sounds nice.
> This Linuxtag has a very good site: I get a fully configured Debian SE
> System. (And I kill you if you rm -rf / that on 9 June ! ) :))

;)

If I wanted to be nasty I'd leave you with only the root password; without a 
password for the sysadm_r role you can't do anything (root on SE Linux has 
less privs than a regular user on a regular Linux machine).  ;)

-- 
If you send email to me or to a mailing list that I use which has >4 lines
of legalistic junk at the end then you are specifically authorizing me to do
whatever I wish with the message and all other messages from your domain, by
posting the message you agree that your long legalistic sig is void.
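
The policy change described in the message above, sketched as an added example (not part of the original message and not the author's policy). The names ftpd_t, var_log_t and file_type are assumed from the current reference policy, and ftpd_applog_t and the module name are hypothetical.

```selinux
# Added example: append-only private log files for an FTP daemon.
# Assumed names: ftpd_t, var_log_t, file_type (reference policy).
# Hypothetical names: ftpd_applog (module), ftpd_applog_t (new type).
module ftpd_applog 1.0;

require {
    type ftpd_t;
    type var_log_t;
    attribute file_type;
    class dir { search write add_name };
    class file { create open append getattr };
}

# New type for the daemon's own log files.
type ftpd_applog_t;
typeattribute ftpd_applog_t file_type;

# Files the daemon creates in a var_log_t directory are labelled
# ftpd_applog_t automatically instead of inheriting var_log_t.
type_transition ftpd_t var_log_t:file ftpd_applog_t;

# Directory access needed to add a new entry under /var/log.
# No remove_name, so existing entries cannot be removed.
allow ftpd_t var_log_t:dir { search write add_name };

# Create and append only. Deliberately not granted:
#   write  - covers overwriting and truncation
#   unlink - deletion
#   rename - moving the log aside
# "open" is checked separately on current kernels.
allow ftpd_t ftpd_applog_t:file { create open append getattr };
```

With only append granted, the daemon has to open its log with O_APPEND; an open for plain writing or with O_TRUNC is denied and shows up as an AVC denial in the audit log.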

