Security Incidents mailing list archives
Re: Bind8 exploit and a deleted partition map
From: Eric Brandwine <ericb () UU NET>
Date: Wed, 14 Feb 2001 16:32:46 -0500
"vk" == Valdis Kletnieks <Valdis.Kletnieks () VT EDU> writes:
3) Delete any software (esp. daemon) if you don't plan to use them

OK, this is the reason for my reply. I think this may be unnecessarily strong. The key is do not RUN any daemons you do not need. Just having a file of non-setuid, executable code sitting on the hard drive is of very little risk. Figuring out what can and can't be TURNED OFF without
vk> Famous last words.
vk> I don't know *how* many times I've had to re-do /etc/inetd.conf on SGI machines
vk> to re-install tcp_wrappers and re-disable things I'd turned off already because
vk> an SGI software update replaced it.
vk> /etc/rcX.d have similar problems. You rename 'S10snmp' to 's10snmp' so it
vk> won't be started, and a patch comes along and drops a new S10snmp on your
vk> system.. POING! you get to re-disable it.
vk> Now if you had *REMOVED* snmp off your system entirely, you don't have to worry.
vk> I've got a RedHat 7.0 box on my desk. I'm not worried about any future
vk> security issues with Kerberos. Why? Because I knew we don't use it, and
vk> I just 'rpm -e' them. No kerberos binaries on the system, no danger of them
vk> getting started.

SGI's patching scheme aside... I've often needed files that were deleted for just these reasons. I tend to chmod 000 them, so they are still on the disk, but cannot be run by accident. Of course a patch can come along and put a new binary in their place, with new perms, but nothing's gonna stop that.

I always run TCT's mactime program before and after patching, to see what the patch touched.

ericb
--
Eric Brandwine     | Where I steal an idea, there I leave my knife.
UUNetwork Security |
ericb () uu net    |
+1 703 886 6038    | - Michelangelo
Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E
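The before-and-after-patch check discussed in this message, as an added example that is not part of the original post and is not TCT's mactime: it compares permission bits and SHA-256 digests instead of MAC times. The function names, the sample tree and the file contents are all constructed for illustration.

```python
import hashlib, stat, tempfile
from pathlib import Path

def snapshot(root):
    """Map relative path -> (permission bits, SHA-256) for regular files."""
    state = {}
    for p in Path(root).rglob("*"):
        mode = p.lstat().st_mode
        if not stat.S_ISREG(mode):
            continue  # skip directories, symlinks and special files
        try:
            digest = hashlib.sha256(p.read_bytes()).hexdigest()
        except PermissionError:
            digest = None  # mode 000 and not running as root
        state[p.relative_to(root).as_posix()] = (stat.S_IMODE(mode), digest)
    return state

def compare(before, after):
    """Return sorted (path, finding) pairs for everything that differs."""
    findings = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old is None or new is None:
            findings.append((path, "added" if old is None else "removed"))
        elif old[0] == 0 and new[0] & 0o111:
            findings.append((path, "re-enabled"))  # chmod 000 was undone
        elif old[0] != new[0]:
            findings.append((path, "mode changed"))
        elif old[1] != new[1]:
            findings.append((path, "content changed"))
    return findings

def put(root, rel, data, mode):
    p = Path(root, rel)
    p.parent.mkdir(parents=True, exist_ok=True)
    p.unlink(missing_ok=True)  # replace the file, as a package update would
    p.write_text(data)
    p.chmod(mode)

def demo():
    """Constructed tree: snmp disabled by hand, then a simulated patch."""
    with tempfile.TemporaryDirectory() as root:
        put(root, "usr/sbin/snmpd", "old", 0o000)       # chmod 000 binary
        put(root, "etc/rc2.d/s10snmp", "start", 0o755)  # renamed rc script
        put(root, "etc/inetd.conf", "#telnet\n", 0o644)
        before = snapshot(root)
        put(root, "usr/sbin/snmpd", "new", 0o755)       # patch replaces binary
        put(root, "etc/rc2.d/S10snmp", "start", 0o755)  # patch drops new script
        put(root, "etc/inetd.conf", "telnet\n", 0o644)  # patch resets config
        return compare(before, snapshot(root))
```

Calling `demo()` returns the list of findings for the constructed patch; on a real host, `snapshot` would be run on the directories of interest before and after the update and the two results passed to `compare`.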