[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] RE: The nasty RaQ hack...

Subject: Re: [cobalt-security] RE: The nasty RaQ hack...
From: Larry Smith <lesmith@xxxxxxxxx>
Date: Fri, 24 Jan 2003 11:27:21 -0600
Organization: ECSIS.NET
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

INRE Re: [cobalt-security] RE: The nasty RaQ hack...:
> > You might want to chmod 700 gcc for a bit of extra security -that
> > RaQFuCk.sh script (or was it the SSL exploit) needs to get hold of gcc to
> > do it's thing.
>
> Yup, that's a neat idea.  Many UNIX exploits/worms rely on the C
> compiler, so closing access to it will thwart them.  I guess I'd add it
> to my "quick security guide"...

Just from my "personal" point of view, I chmod 444 the gcc program since any 
exploit that gets "root" level would still have access to gcc under mode 700. 
 Under mode 444 is it not "executable" and therefore won't work for anyone 
without changing the mode first,  but then again I am "paranoid" (see 
hosts.allow.conf)


-- 
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx

Follow-Ups:
- Re: [cobalt-security] RE: The nasty RaQ hack...
  - From: Eugene Crosser

References:
- [cobalt-security] RE: The nasty RaQ hack...
  - From: Mail List
- Re: [cobalt-security] RE: The nasty RaQ hack...
  - From: Eugene Crosser

Prev by Date: Re: [cobalt-security] Results of Forensics Examination of Compromised RaQ 4
Next by Date: RE: [cobalt-security] Results of Forensics Examination of Compromised RaQ 4
Previous by thread: Re: [cobalt-security] RE: The nasty RaQ hack...
Next by thread: Re: [cobalt-security] RE: The nasty RaQ hack...

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index