Tomas Telensky wrote:
<snip>
>But, what I should say to the network security, is that AFAIK in the most
>of linux distributions the standard daemons (httpd, sendmail) are run as
>root! Having multi-user system or not! Why? For only listening to a port
><1024? Is there any elegant solution?
>
Yes, most daemons have the ability to switch user ID once they have
bound tho the port. Additionally, support is starting to show up for
capabilities. I know that ProFTPD has support. Now, assuming it is
running on a newer kernel, it never needs to be root, because it has
been granted the capability to open a low port. Even if it is cracked,
it cannot do other things like . . . insert a kernel module, . . .
overwrite /etc/passwd . . . . . etc
-b
--
Three things are certain:
Death, taxes, and lost data
Guess which has occurred.
- - - - - - - - - - - - - - - - - - - -
Patched Micro$oft servers are secure today . . . but tomorrow is another story!
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
