On Wed, Feb 22, 2006 at 02:11:26PM -0500, Will H. Backman wrote:
| Just a note to the OpenBSD community:
| I have been helping a friend clean up after a security incident with a
| PHP web app that hadn't been patched on a Linux server.  I run the same
| app on OpenBSD, and I worry a lot less.  I still patch my PHP apps
| because it would be stupid to assume that OpenBSD would always protect
| me, but looking at how the exploit happened, I see that OpenBSD's apache
| chroot would have prevented that particular attack.
| So:
| * Developers: Thanks for the proactive security!
| * Users: Put the effort into making your stuff work in the chroot.

Also:

* Developers: Thanks for giving us pf:

        pass in proto tcp from any to any port 80 keep state
        ...
        block out log proto { tcp, udp } all user www

Sure, upload your udp.pl... Too bad you have only limited internet
access (there are some pass rules later on for specific users).

Cheers,

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/
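
A fuller version of the pattern in the message above, as an added pf.conf example that is not the poster's actual ruleset. The general outbound pass rule, the database exception, and the address 192.0.2.10 with port 5432 are assumptions made for illustration.

```pf
# Constructed example, not the ruleset from the message. Last matching rule
# wins in pf (no "quick" used here), so read it top to bottom.

# Web traffic in. The state entry created here also covers the replies
# httpd sends back, so the www block below does not break serving pages.
pass in proto tcp from any to any port 80 keep state

# General outbound policy for everything else on the host (assumption).
pass out proto { tcp, udp } all keep state

# The rule from the message: any NEW outbound TCP/UDP connection from a
# socket owned by www is dropped and logged. "user" only applies to TCP/UDP.
block out log proto { tcp, udp } all user www

# Narrow exception placed after the block so that it wins (assumption:
# the web app needs a database at 192.0.2.10, a documentation address).
pass out proto tcp from any to 192.0.2.10 port 5432 user www keep state

# Watch what the block catches (run in a shell, not part of pf.conf):
#   tcpdump -n -e -ttt -i pflog0
```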
