[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Will a future Code Red Version ever effect Linux????

Subject: Re: [cobalt-users] Will a future Code Red Version ever effect Linux????
From: "Dylan Smith" <dyls@xxxxxxx>
Date: Thu Aug 9 23:31:14 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> I was just wondering if a future version of code red could ever effect a
Linux system?
>
> Is Linux open to such buffer overflow attacks?

You can never say never (Linux, and indeed all Unixes were vulnerable to the
BIND buffer overflow exploit if BIND was running as a root user).

The main problem with Code Red and IIS is that IIS runs effectively as the
NT equivalent of "root", therefore anything exploiting the hole that Code
Red does gains root access to the NT system.

You can give yourself some pre-emptive resistance to things like this by not
running any daemons as root that don't have to be run as root (therefore, if
a future hole is found, the exploit is limited to the privileges the dameon
runs with).
Apache already executes stuff as user "nobody" (and runs as user httpd, not
root). On my system, I have BIND (named) running as non-root also. If you
have a RaQ2, you have some additional security through obscurity because you
aren't using the ubiquitous Intel x86, so you are binary incompatible with
most of the skript kiddies exploit scripts.

But there is no such thing as absolute security - you must be vigilant.

References:
- [cobalt-users] Will a future Code Red Version ever effect Linux????
  - From: Paul Brown

Prev by Date: [cobalt-users] SafeTP
Next by Date: [cobalt-users] code red shell script
Previous by thread: Re: [cobalt-users] Will a future Code Red Version ever effect Linux????
Next by thread: OT: money matters was: [cobalt-users] Memory pricing

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index