Russell Coker <russell@coker.com.au> writes:
>> Ok, then we have one ftp Server. :)
>> Do you have an SE Enhanced FTP Server ? :)
> I have a policy for ftp servers that is quite restrictive. We could
> intentionally install an old FTP server with a security hole if you
>> like. ;)
Och. No. :)
install muddleftpd :)
> Someone who breaks it will only be able to run "ls" and can't write to any
> file. The only raised priviledge level of the FTP server is the ability to
> log to syslog.
Hmm, muddleftpd is out then. It has its own logging :)
> One of my future plans is to write some sample exploitable programs and
> exploit programs for them, then I can demonstrate how such programs allow
> root exploits on unprotected systems but don't allow anything on SE systems.
Hmm, sounds nice.
This Linuxtag has a very good site: I get a full configured Debian SE
System. (And i kill you if you rm -rf / that on 9. Juni ! ) :))
-- begin OjE-ist-scheisse.txt bye, Joerg Registered Linux User #97793 @ http://counter.li.org end-- To UNSUBSCRIBE, email to debian-events-eu-request@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
This archive was generated by hypermail 2.1.3 : Sun Apr 28 2002 - 01:50:40 CEST