Firewall Wizards mailing list archives
Re: Ports and privileges
From: tqbf () secnet com
Date: Tue, 24 Feb 1998 19:00:50 -0600 (CST)
The separation of "root" into multiple small privileges is exactly what is done on many of the trusted operating systems. When using one of these systems as your webserver or firewall base, you avoid many of the problems experienced with less secure operating systems.
Of course, this only works with a kernel audit; many of the privileges that are currently guarded with, say, suser() in 4.4BSD, are equivalent to root, and not always in obvious ways. Not that dividing up root is a bad thing (quite the opposite!), just that it's trickier than it seems to do it with maximal effectiveness. ----------------------------------------------------------------------------- Thomas H. Ptacek Secure Networks, Inc. ----------------------------------------------------------------------------- http://www.enteract.com/~tqbf "mmm... sacrilicious"
Current thread:
- Re: Ports and privileges, (continued)
- Re: Ports and privileges James W. Abendschan (Feb 27)
- Re: Ports and privileges tqbf (Feb 21)
- Re: Ports and privileges Darren Reed (Feb 21)
- Re: Ports and privileges tqbf (Feb 21)
- Re: Ports and privileges Vinci Chou (Feb 24)
- Re: Ports and privileges Bret McDanel (Feb 25)
- Re: Ports and privileges tqbf (Feb 27)
- Re: Ports and privileges Doug Hughes (Feb 27)
- Re: Ports and privileges Joseph S. D. Yao (Feb 27)
- Re: Ports and privileges Darren Reed (Feb 21)
- Re: Ports and privileges Paul McNabb (Feb 24)
- Re: Ports and privileges tqbf (Feb 24)
- Re: Ports and privileges John Lines (Feb 25)
- Re: Ports and privileges tqbf (Feb 24)
- Re: Ports and privileges Paul McNabb (Feb 25)