Greg McCarroll
Sat, 16 Jun 2001 12:32:33 -0700
* David Cantrell ([EMAIL PROTECTED]) wrote:
> As there's plenty of BSDers here, and I expect that at least some of you
> don't subscribe to Bugtraq and friends ...
>
> http://www.securityfocus.com/vdb/?id=2873
>

Yeah but it's a local exploit, so it ain't that bad. I'm generally of the opinion (warning AD&D discussion on the horizon) that if someone gets into your box they can get r00t, so best to deal with the problem before that and keep a careful eye on people who are in your box.

It's a bit like a castle really, with external security and guards wandering the corridors, if a sufficiently skilled assassin/thief can get past the external security, he can evade your normal internal security and kill your king or steal your treasure. Unless of course you hire Vadrienal the Elven Assassin/Fighter to help guard your treasure (ok I'm going too far now).

However this reminds me of how a top notch security consultant from a 3 letter company described the security of a product I was at a time involved with (not in a security capacity). He explained in a manner similar to the following ....

Imagine you want to protect something, and it's a treasure chest, now you put the treasure chest in a room, you lock the room. The room is in a castle, there are guards wandering the corridors checking for intruders. The castle only has one entrance via the drawbridge, it's heavily guarded and all incoming visitors are watched closely. There are guards on the castle wall watching that no one tries to swim the moat.

Now imagine a big field, with a treasure chest in the middle of it - this is your security.

Greg

--
Greg McCarroll http://217.34.97.146/~gem/