* David Cantrell ([EMAIL PROTECTED]) wrote:
> As there's plenty of BSDers here, and I expect that at least some of you
> don't subscribe to Bugtraq and friends ...
>
> http://www.securityfocus.com/vdb/?id=2873
>
Yeah but its a local exploit, so it ain't that bad. I'm generally
of the opinion (warning AD&D discussion on the horizon) that
if someone gets into your box they can get r00t, so best to deal
with the problem before that and keep a careful eye of
people who are you in your box.
Its a bit like castle really, with external security and guards
wandering the corridors, if a sufficiently skilled assasin/thief
can get past the external security, he can evade your normal
internal security and kill your king or steal your treasure.
Unless of course you hire Vadrienal the Elven Assasin/Fighter
to help guard your treasure (ok i'm going to far now).
However this reminds me of how a top notch security consultant from a
3 letter company described the security of a product i was at a time
involved with (not in a security capacity).
He explained in a manner similar to the following ....
Imagine you want to protect something, and its a treasure
chest, now you put the treasure chest in a room, you lock
the room. The room is in a castle, there are guards wandering
the corridors checking for intruders. The castle only has
one entrance via the drawbridge, its heavily guarded and all
incoming visitors are watched closely. There are guards on
the castle wall watching that no one tries to swim the moat.
Now imagine a big field, with a treasure chest in the middle
of it - this is your security.
Greg
--
Greg McCarroll http://217.34.97.146/~gem/
