Re: On exploiting null ptr derefs, disabling SELinux, and silently fixed Linux vulns

[Steve Grubb <sgrubb () redhat com>]

On Monday 14 May 2007 15:18, Rodrigo Rubira Branco (BSDaemon) wrote:
> Again our discussion (good discussion, tks for your position!) about
> auto-learning ;)

Let me give you a concrete example. If you have your passwords set to expire 
and normally let people into the machine by sshd and you have pam linked in, 
you will need sshd to be able to write to /etc/shadow. I would presume that 
auto-learning systems would go ahead and grant that access.

The better solution is to create a minimalistic helper program that has just 
that capability and can only be run by the parent. It can be confined to just 
making the update and the parent which is network facing only able to exec 
that program.

Auto learning systems cannot make architectural desicions like that.

-Steve
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave