Alan Cox <alan@xxxxxxxxxx> writes:

> It's also inadequate for some forms of attack. If I can persuade your
> named to run code of my choice in a chroot without selinux then I can
> still use your box as a spam machine, botnet host, DoS attack tool,
> proxy, etc .. all without breaking the chroot.

Can be prevented with traditional tools too:

  iptables -A OUTPUT -m owner --uid-owner named -j o-NAMED



Enrico

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
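
The rule in the reply above jumps to a chain, o-NAMED, whose contents the mail does not show. The following is an added example, not part of the original message: one possible body for that chain, emitted as an iptables-restore fragment. The allowed ports, the loopback exception, the log prefix and the function name are assumptions.

```sh
#!/bin/sh
# Added example (not from the original mail). Chain contents are assumed:
# DNS on port 53 and loopback pass, everything else is logged and rejected.

# Print an iptables-restore fragment confining one local account's egress.
#   $1 = account the daemon runs as (default: named)
#   $2 = chain name (default: o-NAMED, as in the mail)
named_egress_rules() {
    user=${1:-named}
    chain=${2:-o-NAMED}
    cat <<EOF
*filter
:$chain - [0:0]
-A OUTPUT -m owner --uid-owner $user -j $chain
-A $chain -o lo -j RETURN
-A $chain -p udp --dport 53 -j RETURN
-A $chain -p tcp --dport 53 -j RETURN
-A $chain -p udp --sport 53 -j RETURN
-A $chain -p tcp --sport 53 -j RETURN
-A $chain -m limit --limit 6/min -j LOG --log-prefix "named-egress-drop: "
-A $chain -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# RETURN hands the packet back to the rest of OUTPUT, so the normal
# policy still applies to permitted DNS traffic.
# Nothing is changed unless --apply is given (needs root).
case "${1:-}" in
    --print) named_egress_rules ;;
    --apply) named_egress_rules | iptables-restore --noflush ;;
esac
```

The owner match only sees locally generated packets (OUTPUT/POSTROUTING), and traffic to or from port 53 is still permitted, so this narrows what a compromised named can send rather than removing it entirely.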