Re: How dangerous a Standard User could be to a FreeBSD box?
A dedicated suicide bomber loaded with huge amount of RDX can be quite dangerous for a FreeBSD box. Don't panic, Checkout for the detonator in his pants. Good Luck

On 1/13/07, Andy Greenwood [EMAIL PROTECTED] wrote:
On 1/12/07, Chuck Swiger [EMAIL PROTECTED] wrote:
On Jan 12, 2007, at 11:48 AM, Lamont Granquist wrote:
That cat is rather fortunate the server didn't kill the cat at the same time. I haven't lived with a cat in awhile, but don't they tend to 'spray' rather than 'stream' so that a direct line of current would not be established from the PSU to the cat?
male (non-neutered) cats spray to mark territory, but as for normal urination, it would be a stream.
Um. While I grew up with a pair of cats, I must admit that I've never paid sufficiently close attention to know one way or the other.
Nah, you don't have to watch them or anything. Just scoop the litterbox.
I wouldn't like my cat to test either spraying or streaming a live PSU unit... :-)
--
-Chuck
--
I'm nerdy in the extreme and whiter than sour cream
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: How dangerous a Standard User could be to a FreeBSD box?
James Long wrote:
Nathan Vidican wrote:
Gotcha all beat, screw the 'standard user' issue... I had a client call me once cause the office cat peed onto/into the server; no technical expertise required whatsoever, no password, no re-wiring of network, heck no opposable digits even or anything else for that matter, yet it still managed to kill the server ;)
Ah yes, the infamous cat(1) ppp(8) exploit. Much harder to clean up than cat(1) dump(8), too. Fortunately, the worst problem I've had with mine is occasional race conditions with mouse(4).

You mean like this one?
http://www.secnetix.de/~olli/fun/cat_and_mouse.jpg
(cat(1) performing a DoS attack on mouse(4).)

Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.

C++ is over-complicated nonsense. And Bjorn Shoestrap's book a danger to public health. I tried reading it once, I was in recovery for months.
-- Cliff Sarginson
Re: How dangerous a Standard User could be to a FreeBSD box?
On Jan 12, 2007, at 11:48 AM, Lamont Granquist wrote:
That cat is rather fortunate the server didn't kill the cat at the same time. I haven't lived with a cat in awhile, but don't they tend to 'spray' rather than 'stream' so that a direct line of current would not be established from the PSU to the cat?

Um. While I grew up with a pair of cats, I must admit that I've never paid sufficiently close attention to know one way or the other. I wouldn't like my cat to test either spraying or streaming a live PSU unit... :-)
--
-Chuck
Re: How dangerous a Standard User could be to a FreeBSD box?
On Thu, 11 Jan 2007, Chuck Swiger wrote:
On Thu, Jan 11, 2007 at 08:52:44AM -0500, Nathan Vidican wrote:
Gotcha all beat, screw the 'standard user' issue... I had a client call me once cause the office cat peed onto/into the server; no technical expertise required whatsoever, no password, no re-wiring of network, heck no opposable digits even or anything else for that matter, yet it still managed to kill the server ;)
That cat is rather fortunate the server didn't kill the cat at the same time.

I haven't lived with a cat in awhile, but don't they tend to 'spray' rather than 'stream' so that a direct line of current would not be established from the PSU to the cat?
Re: How dangerous a Standard User could be to a FreeBSD box?
On Friday 12 January 2007 10:48, Lamont Granquist wrote:
On Thu, 11 Jan 2007, Chuck Swiger wrote:
On Thu, Jan 11, 2007 at 08:52:44AM -0500, Nathan Vidican wrote:
Gotcha all beat, screw the 'standard user' issue... I had a client call me once cause the office cat peed onto/into the server; no technical expertise required whatsoever, no password, no re-wiring of network, heck no opposable digits even or anything else for that matter, yet it still managed to kill the server ;)
That cat is rather fortunate the server didn't kill the cat at the same time.
I haven't lived with a cat in awhile, but don't they tend to 'spray' rather than 'stream' so that a direct line of current would not be established from the PSU to the cat?

While spray(8) may protect the cat, it is likely to invoke crash(8). When combined with dumpon(8) permanent damage may result. :-)

Beech
--
Beech Rintoul - Sys. Administrator - [EMAIL PROTECTED]
/\   ASCII Ribbon Campaign  | Alaska Paradise Travel
\ / - NO HTML/RTF in e-mail  | 201 East 9Th Avenue Ste.310
 X  - NO Word docs in e-mail | Anchorage, AK 99501
/ \ - Please visit Alaska Paradise - http://www.alaskaparadise.com
Re: How dangerous a Standard User could be to a FreeBSD box?
On 1/12/07, Chuck Swiger [EMAIL PROTECTED] wrote:
On Jan 12, 2007, at 11:48 AM, Lamont Granquist wrote:
That cat is rather fortunate the server didn't kill the cat at the same time. I haven't lived with a cat in awhile, but don't they tend to 'spray' rather than 'stream' so that a direct line of current would not be established from the PSU to the cat?

male (non-neutered) cats spray to mark territory, but as for normal urination, it would be a stream.

Um. While I grew up with a pair of cats, I must admit that I've never paid sufficiently close attention to know one way or the other.

Nah, you don't have to watch them or anything. Just scoop the litterbox.

I wouldn't like my cat to test either spraying or streaming a live PSU unit... :-)
--
-Chuck

--
I'm nerdy in the extreme and whiter than sour cream
Re: How dangerous a Standard User could be to a FreeBSD box?
James Long wrote:
Date: Wed, 10 Jan 2007 17:47:52 -0800
From: Jay Chandler [EMAIL PROTECTED]
Subject: Re: How dangerous a Standard User could be to a FreeBSD box?
To: Giorgos Keramidas [EMAIL PROTECTED]
Cc: FreeBSD-Questions freebsd-questions@freebsd.org, VeeJay [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Giorgos Keramidas wrote:
On 2007-01-10 13:24, VeeJay [EMAIL PROTECTED] wrote:
Hi
How dangerous a Standard User could be to a FreeBSD box?
Depending on local setup, this could range from 'not at all' to 'extremely'. Do you have a *specific* setup in mind?
Standard user with the root password, a bag of explosives, a .45 magnum, and a chip on his shoulder, say?
Yeah, and even a user with no account or password, a screwdriver, and a Mountain Dew.
Jim

Gotcha all beat, screw the 'standard user' issue... I had a client call me once cause the office cat peed onto/into the server; no technical expertise required whatsoever, no password, no re-wiring of network, heck no opposable digits even or anything else for that matter, yet it still managed to kill the server ;)
--
Nathan Vidican [EMAIL PROTECTED]
Re: How dangerous a Standard User could be to a FreeBSD box?
Nathan Vidican wrote:
James Long wrote:
Yeah, and even a user with no account or password, a screwdriver, and a Mountain Dew.
Gotcha all beat, screw the 'standard user' issue... I had a client call me once cause the office cat peed onto/into the server; no technical expertise required whatsoever, no password, no re-wiring of network, heck no opposable digits even or anything else for that matter, yet it still managed to kill the server ;)

Reminds me of this one ...
http://www.secnetix.de/~olli/fun/bruteforce-cat.jpg

Best regards
Oliver
--
Oliver Fromme, secnetix GmbH Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd
Any opinions expressed in this message may be personal to the author and may not necessarily reflect the opinions of secnetix in any way.

If Java had true garbage collection, most programs would delete themselves upon execution.
-- Robert Sewell
Re: How dangerous a Standard User could be to a FreeBSD box?
this is a funny thread.

On 1/10/07, VeeJay [EMAIL PROTECTED] wrote:
Hi
How dangerous a Standard User could be to a FreeBSD box?
--
Thanks!
BR / vj
Re: How dangerous a Standard User could be to a FreeBSD box?
On Thu, Jan 11, 2007 at 08:52:44AM -0500, Nathan Vidican wrote:
How dangerous a Standard User could be to a FreeBSD box?
Depending on local setup, this could range from 'not at all' to 'extremely'. Do you have a *specific* setup in mind?
Standard user with the root password, a bag of explosives, a .45 magnum, and a chip on his shoulder, say?
Yeah, and even a user with no account or password, a screwdriver, and a Mountain Dew.
Gotcha all beat, screw the 'standard user' issue... I had a client call me once cause the office cat peed onto/into the server; no technical expertise required whatsoever, no password, no re-wiring of network, heck no opposable digits even or anything else for that matter, yet it still managed to kill the server ;)

Ah yes, the infamous cat(1) ppp(8) exploit. Much harder to clean up than cat(1) dump(8), too. Fortunately, the worst problem I've had with mine is occasional race conditions with mouse(4).

Jim
Re: How dangerous a Standard User could be to a FreeBSD box?
On Thu, Jan 11, 2007 at 08:52:44AM -0500, Nathan Vidican wrote:
Gotcha all beat, screw the 'standard user' issue... I had a client call me once cause the office cat peed onto/into the server; no technical expertise required whatsoever, no password, no re-wiring of network, heck no opposable digits even or anything else for that matter, yet it still managed to kill the server ;)

That cat is rather fortunate the server didn't kill the cat at the same time.

[ Standard computer PSUs use a high-voltage switching power supply design that really should not be peed upon, although I suppose the flyback transformer inside a CRT would be considerably more dangerous. ]
--
-Chuck

PS: I betcha the client thought the whole matter was a catastrophe... :-)
Re: How dangerous a Standard User could be to a FreeBSD box?
On Wednesday January 10, 2007 at 07:24:22 (AM) VeeJay wrote:
How dangerous a Standard User could be to a FreeBSD box?

Well, with a BFH and a sufficient supply of C-4 (cyclotrimethylene-trinitramine), he/she could be quite dangerous.
--
Gerard
Mail from '@gmail' is rejected and/or discarded here. Don't waste your time!
Re: How dangerous a Standard User could be to a FreeBSD box?
VeeJay wrote:
Hi
How dangerous a Standard User could be to a FreeBSD box?

Depends on a number of different factors. For example:
1. What you're running.
2. The number of users who have access to the machine.
3. The data being held.
4. How up-to-date the computer is, in particular whether or not any of the programs on the computer have vulnerability issues.
5. What point the computer may serve in a cluster of machines.
etc, etc.

So, assuming that no vulnerabilities exist or privilege escalation doesn't occur; this can be solved by rebuilding the system when security issues occur--subscribing to [EMAIL PROTECTED] can solve that, along with directions given in the handbook http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cutting-edge.html, auditing your ports regularly with portaudit, and just updating your ports semi-regularly.

Also, assuming that the user doesn't use up all available resources on the machine ( limits(1) holds the answers for that question there along with modifying /etc/login.conf ), they should only be able to affect users in their associated groups (assuming group access to data is allowed) or merely themselves.

Please be more specific with your questions as they are a bit too open ended.

-Garrett
Is this homework? (was Re: How dangerous a Standard User could be to a FreeBSD box?)
On Wednesday 10 January 2007 06:24, VeeJay wrote:
Hi
How dangerous a Standard User could be to a FreeBSD box?

VeeJay, I may be wrong (and hope that I am), but your questions are starting to smack of the sort of questions a teacher would ask at the beginning of a class on operating systems.
--
Kirk Strauser
Re: How dangerous a Standard User could be to a FreeBSD box?
* VeeJay [EMAIL PROTECTED] [2007-01-10 13:24:22 +0100]:
How dangerous a Standard User could be to a FreeBSD box?

Like another poster mentioned, it depends on a variety of factors. Three things I can suggest to help you minimize security risks from local users:

- keep your machine and software packages updated
- have policies and procedures in place detailing an Acceptable Use Policy (AUP) and the consequences of violating them; and use it when you have to (a lot of places have a ton of elaborate and well-written AUPs which are never enforced)
- keep your user shell machines completely separate from your other servers (web, imap, et al.), separate boxes, separate subnet, separate passwords, etc.; this should be obvious, but a lot of people run a lot of critical services on the same machines that they allow users access to and then they are surprised when a fork bomb takes down their mail infrastructure

hth,
Thomas
--
N.J. Thomas
[EMAIL PROTECTED]
Even though he should kill me, I will hope in him
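Added example, not part of any poster's message: two replies above point to limits(1) with /etc/login.conf for resource exhaustion and to fork bombs on shared shell hosts. The Python sketch below parses login.conf(5)-style text, expands `tc=` inheritance, and reports which login classes leave a per-user limit unset or unlimited. The sample file, the class names `shellusers` and `staff`, and all values are constructed for illustration.

```python
import re
# Constructed sample in login.conf(5) syntax; class names and values are illustrative.
SAMPLE = r"""
default:\
    :maxproc=unlimited:\
    :memoryuse=unlimited:
shellusers:\
    :maxproc=64:\
    :memoryuse-max=256M:\
    :tc=default:
staff:\
    :tc=default:
"""

WATCHED = ("maxproc", "memoryuse", "cputime")
UNLIMITED = {"unlimited", "infinity", "inf"}

def parse_login_conf(text):
    """Return {class_name: [(capability, value), ...]} in file order."""
    joined = re.sub(r"\\\n\s*", "", text)      # join backslash-continued lines
    classes = {}
    for line in map(str.strip, joined.splitlines()):
        if not line or line.startswith("#"):
            continue
        names, *fields = line.split(":")
        caps = [tuple(f.split("=", 1)) if "=" in f else (f, "")
                for f in fields if f.strip()]
        for name in names.split("|"):          # a record may list aliases
            classes[name.strip()] = caps
    return classes

def effective(classes, name, seen=()):
    """Expand tc= in place; the first definition of a capability wins."""
    out = {}
    if name in seen:                           # guard against tc= loops
        return out
    for cap, value in classes.get(name, []):
        inherited = (effective(classes, value, seen + (name,))
                     if cap == "tc" else {cap: value})
        for k, v in inherited.items():
            out.setdefault(k, v)
    return out

def audit(text, watched=WATCHED):
    """Map each login class to the watched limits it leaves unset or unlimited."""
    classes = parse_login_conf(text)
    report = {}
    for name in classes:
        caps = effective(classes, name)
        # A "-max" (hard limit) entry takes precedence over the plain capability.
        report[name] = [c for c in watched if
                        caps.get(c + "-max", caps.get(c, "unlimited")).lower() in UNLIMITED]
    return {k: v for k, v in report.items() if v}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real system, changes to /etc/login.conf take effect only after `cap_mkdb /etc/login.conf` rebuilds the capability database and the user logs in again.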
Re: How dangerous a Standard User could be to a FreeBSD box?
On 2007-01-10 13:24, VeeJay [EMAIL PROTECTED] wrote:
Hi
How dangerous a Standard User could be to a FreeBSD box?

Depending on local setup, this could range from 'not at all' to 'extremely'. Do you have a *specific* setup in mind?
Re: How dangerous a Standard User could be to a FreeBSD box?
Giorgos Keramidas wrote:
On 2007-01-10 13:24, VeeJay [EMAIL PROTECTED] wrote:
Hi
How dangerous a Standard User could be to a FreeBSD box?
Depending on local setup, this could range from 'not at all' to 'extremely'. Do you have a *specific* setup in mind?

Standard user with the root password, a bag of explosives, a .45 magnum, and a chip on his shoulder, say?
--
Jay Chandler
Network Administrator, Chapman University
714.628.7249 / [EMAIL PROTECTED]
Today's Excuse: Our POP server was kidnapped by a weasel.
Re: How dangerous a Standard User could be to a FreeBSD box?
Date: Wed, 10 Jan 2007 17:47:52 -0800
From: Jay Chandler [EMAIL PROTECTED]
Subject: Re: How dangerous a Standard User could be to a FreeBSD box?
To: Giorgos Keramidas [EMAIL PROTECTED]
Cc: FreeBSD-Questions freebsd-questions@freebsd.org, VeeJay [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Giorgos Keramidas wrote:
On 2007-01-10 13:24, VeeJay [EMAIL PROTECTED] wrote:
Hi
How dangerous a Standard User could be to a FreeBSD box?
Depending on local setup, this could range from 'not at all' to 'extremely'. Do you have a *specific* setup in mind?
Standard user with the root password, a bag of explosives, a .45 magnum, and a chip on his shoulder, say?

Yeah, and even a user with no account or password, a screwdriver, and a Mountain Dew.

Jim