[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Stable server hacked

On Thu, 14 Aug 2003 at 08:22:37PM -0400, Colin Walters wrote:
> On Wed, 2003-08-13 at 21:00, valerian wrote:
> 
> > Well capabilities are only one of the things that grsec implements.  You
> > can also restrict a process to access various parts of the filesystem.
> > There's no reason /usr/sbin/apache should have write access to /etc, so
> > you just don't allow it.
> 
> Right, but we were discussing the scenario where the attacker is able to
> execute another program, such as /bin/sh.  In that case all is lost,
> because the security is only associated with the executable pathname.

With grsecurity ACLs can be inherited (from a parent process) and over-ridden...


-- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #101: User to computer ratio too high.
Reply to: