On Wed, Feb 22, 2006 at 02:11:26PM -0500, Will H. Backman wrote:
| Just a note to the OpenBSD community:
| I have been helping a friend clean up after a security incident with a
| PHP web app that hadn't been patched on a Linux server. I run the same
| app on OpenBSD, and I worry a lot less. I still patch my PHP apps
| because it would be stupid to assume that OpenBSD would always protect
| me, but looking at how the exploit happened, I see that OpenBSD's apache
| chroot would have prevented that particular attack.
| So:
| * Developers: Thanks for the proactive security!
| * Users: Put the effort into making your stuff work in the chroot.

Also:
* Developers: Thanks for giving us pf:

    pass in proto tcp from any to any port 80 keep state
    ...
    block out log proto { tcp, udp } all user www

Sure, upload your udp.pl... Too bad you have only limited internet
access (there are some pass rules later on for specific users).

Cheers,

Paul 'WEiRD' de Weerd

-- 
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
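
The two rules quoted in the reply above, placed in a small pf.conf fragment to show why replies to web clients still get out while new connections from the www user do not. This is an added example, not the poster's ruleset; the interface name, the resolver address and the DNS exception are assumptions.

```pf
# Constructed pf.conf fragment for a web server; not the poster's ruleset.
# ext_if and resolver are assumed values (192.0.2.0/24 is a documentation range).
ext_if   = "em0"
resolver = "192.0.2.53"

# Inbound HTTP. "keep state" creates a state entry, and packets that match
# an existing state are passed before the ruleset is evaluated, so replies
# to web clients still leave the box despite the block rule below.
pass in on $ext_if proto tcp from any to any port 80 keep state

# New outbound TCP/UDP from sockets owned by user www: dropped and logged
# to pflog0. This is the rule from the message above.
block out log proto { tcp, udp } all user www

# pf applies the last matching rule, so a narrow exception has to come
# after the block. Assumed need: the web application resolves names
# through a single resolver and nothing else.
pass out on $ext_if proto udp from any to $resolver port 53 user www keep state
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it. Outbound attempts dropped by the `block out log` rule can be watched with `tcpdump -n -e -ttt -i pflog0`, which makes an unexpected connection from the web server user visible as soon as it is tried.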