Re: Debian Stable server hacked

2003-08-14 Thread valerian
On Wed, Aug 13, 2003 at 04:02:41PM -0400, Colin Walters wrote:
> Why? Because SELinux doesn't solely associate security with executable
> pathnames. If someone takes over control of the apache process via a
> buffer overflow or whatever, they don't need /bin/ls to list a
> directory; they can just

Re: Debian Stable server hacked

2003-08-14 Thread valerian
On Wed, Aug 13, 2003 at 07:08:59PM -0400, Colin Walters wrote:
> But Linux capabilities are so weak. They won't protect an apache master
> process that runs as root from scribbling over /etc/passwd and giving an
> attacker a new uid 0 shell account, for example. At that point it's
> really game o

Re: Debian Stable server hacked

2003-08-13 Thread valerian
On Wed, Aug 13, 2003 at 07:08:59PM -0400, Colin Walters wrote:
> But Linux capabilities are so weak. They won't protect an apache master
> process that runs as root from scribbling over /etc/passwd and giving an
> attacker a new uid 0 shell account, for example. At that point it's
> really game o

Re: Debian Stable server hacked

2003-08-13 Thread valerian
On Wed, Aug 13, 2003 at 04:02:41PM -0400, Colin Walters wrote:
> Why? Because SELinux doesn't solely associate security with executable
> pathnames. If someone takes over control of the apache process via a
> buffer overflow or whatever, they don't need /bin/ls to list a
> directory; they can just

Re: Strongest linux

2003-07-01 Thread valerian
On Tue, Jul 01, 2003 at 02:36:37PM +0200, Javier Castillo Alcibar wrote:
> Hi all,
>
> I want to setup a new linux server in internet (apache, php, postfix,
> mysql, dns...), and I would like to patch the standard kernel with some
> security patches. but my question is, what patches are the be

Re: Fwd: bugtraq.c httpd apache ssl attack

2002-09-14 Thread valerian
On Sat, Sep 14, 2002 at 12:56:00PM +0200, Wichert Akkerman wrote:
> One wonders why you would have gcc installed on a webserver..

Look at places like he.net... They offer full unix environment hosting services (including gcc).