Posted by Richard Lynch on 02/10/05 21:46

> Quite true. However, warnings about "don't do this or that", "an
> attacker may use this" and so on are numerous, but advice on what to do
> about it is rarer. And this thing with system calls is a good example:
> I can find many warnings about not doing it, but not a single piece of
> advice about how to do it when it's actually necessary.

I suspect that people who looked into doing this fall into two categories:

Those who heeded the experts who told them "Don't do that" and didn't do it.

Thoee who ignored the experts, went ahead and did it, and cobbled together
enough band-aid security measures to be "Okay" with it, but not something
they want to publish what they did, because then it would be too easy to
attack them.

Actually, there's probably a third category: Those who don't even really
own their own machines any more because they got root-ed. :-v

--
Like Music?
http://l-i-e.com/artists.htm

• Next in thread: Re: [PHP] Secure system calls -- how
• Prev in thread: Re: [PHP] Secure system calls -- how
• Next in forum: Re: [PHP] avoiding user using back button-need to re-route
• Prev in forum: Re: [PHP] Re: [users@httpd] Favorite Linux Distribution
• Thread view: Secure system calls -- how

[Reply to this message]