Bugtraq mailing list archives
Re: Cyberguard FW silliness
From: phzy () ANTIPLUR COM
Date: Mon, 6 Nov 2000 16:09:16 -0500
Art.Green () med ge com wrote:
Now, I'm not a MAC expert, but all but one of these seem quite obvious. I tried accessing all of these using a unprivileged user and except for the last item, could not read or write the files.
Absolutely. However, complete reliance upon any one aspect of an operating system is a recipe for disaster. I equate this to a scenario where an administrator has installed a web application atop a default installation of an operating system riddled with known security vulnerabilities, but feels safe because he's placed it behind a firewall which filters everything but web traffic. The underlying foundation upon which the application is based is insecure! Should the firewall fail, the remaining portions of the entire 'system' (meaning the OS + web application + firewall) would not be able to withstand a direct attack. Although I agree that MAC will provide you with reasonable assurance that an attacker would not be able to write to these files, it does not provide absolute assurance. If something does not provide absolute assurance, it only makes sense to see what else could be done to further protect yourself from intrusion. - phzyl0gik -- Sent with Antiplur webmail: http://webmail.antiplur.com
Current thread:
- Cyberguard FW Silliness phzy (Nov 04)
- <Possible follow-ups>
- Re: Cyberguard FW Silliness phzy (Nov 06)
- Re: Cyberguard FW Silliness Green, Art (MED) (Nov 06)
- Re: Cyberguard FW silliness phzy (Nov 07)