Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Smashing the Stack: prevention?
From: bofh () SNOOPY VIRTUAL NET AU (Russell Coker)
Date: Mon, 28 Apr 1997 19:04:52 +1100

1.  'you gotta change the code'

These are just plugs in the bursting dike. The problem is not that
privileged code is insecure. The problem is that there is too much
privileged code.

  I agree.  For example I'd like to know why almost everyone runs sendmail
as root.  It seems that Sendmail has more security holes than most other
server software for the UNIX platform combined, yet it gets run with the
highest privilidge level!  I've got Sendmail running on my servers without
any root access.  Here's a web page explaining what I did:


  If you have any suggestions to improve my Sendmail setup then please let
me know.

Russell Coker

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]