can't exec /usr/sbin/named-xfer: Permission denied
Brian Elliott Finley
brian at thefinleys.com
Wed Mar 28 00:13:23 UTC 2001
Thus spake Brad Knowles (brad.knowles at skynet.be):
> At 5:42 PM -0600 3/27/01, Brian Elliott Finley wrote:
>
> > Yes, yes. I am aware of the exploits, but not too worried because it's
> > in jail and the file structure is re-created whenever it's restarted.
>
> Problem is, chroot() jails can be escaped, especially if you can
> get root privileges in the jail. Indeed, by far the vast majority of
> security breaches involved taking an existing account (privileged or
> not) and then using that to exceed your level of authorized access to
> gain root privilege.
>
> Having a chroot() jail is no excuse for doing everything you
> possibly can to keep people off the machine in the first place.
>
>
> Indeed, the single most important thing you can do is to do
> everything possible to keep them off the machine in the first place
> -- a chroot() jail is only a second level of protection for those
> cases where someone comes along with a new exploit that hasn't yet
> been fixed in the public version.
Sound advice.
>
> --
> Brad Knowles, <brad.knowles at skynet.be>
>
> /* efdtt.c Author: Charles M. Hannum <root at ihack.net> */
> /* Represented as 1045 digit prime number by Phil Carmody */
> /* Prime as DNS cname chain by Roy Arends and Walter Belgers */
> /* */
> /* Usage is: cat title-key scrambled.vob | efdtt >clear.vob */
> /* where title-key = "153 2 8 105 225" or other similar 5-byte key */
>
> dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'
--
-------------------------------------------------------
Brian Elliott Finley VA Linux http://valinux.com/
http://thefinleys.com/ phone: 972.447.9563
http://systemimager.org/ phax: 801.912.6057
CSA, C2000, CNE, CLSE, MCP, and Certifiable Linux Nut
-------------------------------------------------------