remove suid files question....
Agus
agus.262 at gmail.com
Mon Dec 25 18:20:13 PST 2006
Of course u can get an account......when i get the system connected and
up....no problemm....
the web will be www.free-shells.com.ar; i'm still testing localy....when i
start testing access with friends and
people i know, i'll create an account for u, to test the system....
thanxs.....Happy Holidays....
2006/12/23, Armin Arh <armin at pubbox.net>:
>
> On Sat, Dec 23, 2006 at 05:41:29PM -0300, Agus wrote:
> > Hi all.....i installed a freebsd 6 and i am going to use it as a server
> with
> > apache, ssh, ftp and other services....it is going to be of free
> access....u
> > register in my page your account (free) and i create an account for u in
> the
> > system....so i am trying to make it secure.....which setuid files should
> i
> > take the setuid bit off???
>
> Sounds interesting. Can i get an account? :)
> btw: do you care for a real email address? (see below)
>
> Giving the users shell access without a chroot environment is a potential
> danger, possible though.
> A plain BSD installation has several suid- bits set like for the 'passwd'
> program, 'su' and other. These can't be used to corrupt the system, so you
> should be safe.
> Nevertheless, special care has to be taken for all third party software,
> e.g. via the ports system.
>
> On my box i can't afford giving users shell access, because cpu cycles
> are a rare resource (OSes can be even freeze with naughty users).
> And then i have no expirience about enforcing resource limits...
>
> Another important point is:
> You may trust your users, but unauthorized access (someone else logs in)
> can arise if they do something wrong. Restricting them to cryptgraphically
> authenticated entrance is a good countermeasure.
>
> Armin
> --
> PUBBOX Postmaster + spam-killer. Free email addresses at
> http://pubbox.net/
>
More information about the freebsd-questions
mailing list