Skip to main content.
home | support | download

Back to List Archive

Re: Split swish-e binary?

From: SRE <eckert(at)not-real.climber.org>
Date: Tue Oct 02 2001 - 14:01:13 GMT
At 09:54 AM 10/1/01, Bill Moseley wrote:
>This is on-topic because security issue are always on topic...

It's also not enlightening anyone or changing any minds!

At 09:54 AM 10/1/01, Bill Moseley wrote:
>If I'm misunderstanding some key point, please detail it.  But I just don't
>see how removing open-for-write calls adds any security.

See my last post. It's harder to overwrite files on the server.
You zeroed in on root files, he's thinking about other files in
the web directories.

At 09:54 AM 10/1/01, Bill Moseley wrote:
>Do you remove the
>open-for-write calls in your HTTP, DNS, and mail servers that write log files?

No, because security issues there are much better understood.
More people have been banging on them for a longer time.

At 12:56 PM 10/1/01, Philip Mak wrote:
>Even if you think the daemons are
>secure, you can only be 100% sure that the daemons are not vulnerable if
>you shut them down---thus, you shut them down if you don't need them.

Well said! Thanks.

SRE

mailto:eckert(at)not-real.climber.org | http://www.climber.org/eckert/
Info on peak climbing email lists mailto:info@climber.org

  People will accept your ideas much more readily
  if you tell them that Benjamin Franklin said it first.
Received on Tue Oct 2 14:01:51 2001