* David Cantrell ([EMAIL PROTECTED]) wrote:
> As there's plenty of BSDers here, and I expect that at least some of you
> don't subscribe to Bugtraq and friends ...
> http://www.securityfocus.com/vdb/?id=2873

Yeah but its a local exploit, so it ain't that bad. I'm generally
of the opinion (warning AD&D discussion on the horizon) that 
if someone gets into your box they can get r00t, so best to deal
with the problem before that and keep a careful eye of
people who are you in your box.

Its a bit like castle really, with external security and guards
wandering the corridors, if a sufficiently skilled assasin/thief
can get past the external security,  he can evade your normal
internal security and kill your king or steal your treasure.
Unless of course you hire Vadrienal the Elven Assasin/Fighter
to help guard your treasure (ok i'm going to far now).  

However this reminds me of how a top notch security consultant from a 
3 letter company described the security of a product i was at a time 
involved with (not in a security capacity).

He explained in a manner similar to the following ....

        Imagine you want to protect something, and its a treasure
        chest, now you put the treasure chest in a room, you lock
        the room. The room is in a castle, there are guards wandering
        the corridors checking for intruders. The castle only has
        one entrance via the drawbridge, its heavily guarded and all
        incoming visitors are watched closely. There are guards on
        the castle wall watching that no one tries to swim the moat.

        Now imagine a big field, with a treasure chest in the middle
        of it - this is your security.


Greg McCarroll                      

Reply via email to