Return to BSD News archive
Newsgroups: comp.unix.bsd.bsdi.misc Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!munnari.OZ.AU!spool.mu.edu!newspump.sol.net!newsfeeds.sol.net!hunter.premier.net!news.sprintlink.net!news-peer.sprintlink.net!howland.erols.net!news.mathworks.com!uunet!in1.uu.net!208.192.224.3!news.interactive.net!ritz From: ritz@onyx.interactive.net (Chris Mauritz) Subject: Re: Security hole X-Nntp-Posting-User: ritz Organization: IBS Interactive, Inc. Lines: 23 Message-ID: <E4Boww.69M@news.interactive.net> References: <32DEEC3F.E23@interlog.com> <DERAADT.97Jan18154120@zeus.theos.com> <5bstum$84v@duke.telepac.pt> <5bue0s$psh@tofu.alt.net> <E4AAyu.GD2@news.interactive.net> <5c0glm$khi@tofu.alt.net> X-Trace: 853790430/8089 X-Nntp-Posting-Host: onyx.interactive.net Date: Mon, 20 Jan 1997 20:00:32 GMT Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:5592 In comp.unix.bsd.bsdi.misc Matt Bancroft <matt@tiiap.mec.edu> wrote: :) : :) : >Numerous ways. BSDi has many, many easily exploitable security holes. :) Ones that give out r00t priveleges to normal users without them even knowing :) the root password or being in the group wheel. :) : None of these holes are a risk if you have all the latest patches :) : installed. :) But I suspect many admins havent installed them yet..... In which case you get what's coming to you. Running a secure system is an ongoing process. You really DO need to waddle by ftp.bsdi.com once in a while and keep up with the patches. Also, just because you *can* hack root doesn't mean you won't get prosecuted when you get caught. If I leave a set of keys in a car and you get in and drive away, you're still guilty of grand theft auto (and subject to the associated penalties). So you've got to wonder if the short joy ride is worth it. Have a nice day, Chris -- Christopher Mauritz | For info on internet access: ritz@interactive.net | finger/mail info@interactive.net OR IBS Interactive, Inc. | http://www.interactive.net/