Re: [linux-security] Re: Re: Re: Re: Re: Bind Overrun Bug and Linux(fwd)
- From: amu MIT EDU (Aaron M. Ucko)
- To: Shaun <shaun lexicom ab ca>
- Cc: linux-security redhat com
- Subject: Re: [linux-security] Re: Re: Re: Re: Re: Bind Overrun Bug and Linux(fwd)
- Date: Sun, 24 May 1998 18:58:01 -0500
Shaun <shaun lexicom ab ca> writes:

> This is a good idea, but what happens if the machine is being put into
> promiscuous mode for other reasons than to sniff. I run raw tcp/udp
> loggers that require it, so it would not work that good.

The feature would presumably be optional and intended for folks who
wouldn't be making any legitimate use of promiscuous mode.

> I think a policy of NO shell access is a wise step to take.
> It takes away many risks, and many man hours of having to actually watch
> over the system.

Indeed; that's why I created a dedicated SLiRP account on one machine.

> I thought securelevel was not properly enforced in any development or
> stable kernel. I know there have been patches put out, Phrack included
> one in its most recent issue. Also, didn't Solar Designer include one in
> his secure-linux set?

Linux is going to have POSIX.6^H1f(?) capabilities, not a scalar
securelevel. I don't know how far the linux-privs folks have gotten,
but I'm pretty sure they integrated enough of a skeleton into 2.1.x to
replace all the [f]suser() calls.

--
Aaron M. Ucko <amu mit edu> (finger amu monk mit edu) [Stark raving sane]