Re: Debian Stable server hacked
On Thu, 14 Aug 2003 at 08:22:37PM -0400, Colin Walters wrote:
> On Wed, 2003-08-13 at 21:00, valerian wrote:
>
> > Well capabilities are only one of the things that grsec implements. You
> > can also restrict a process to access various parts of the filesystem.
> > There's no reason /usr/sbin/apache should have write access to /etc, so
> > you just don't allow it.
>
> Right, but we were discussing the scenario where the attacker is able to
> execute another program, such as /bin/sh. In that case all is lost,
> because the security is only associated with the executable pathname.
With grsecurity, ACLs can be inherited (from a parent process) and overridden...
--
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
--
Excuse #101: User to computer ratio too high.