[nycbug-talk] security advisory
Charles Sprickman
spork
Thu Jan 19 15:46:44 EST 2006
On Thu, 19 Jan 2006, Isaac Levy wrote:
> Hi Charles,
>
> On Jan 19, 2006, at 3:10 PM, Charles Sprickman wrote:
>
>> I'm logging into all my jail boxes and running "chflags -R noschg /", since
>> securelevels are now officially useless.
>>
>> Onion, shmonion!
>>
>> C
I'm just having fun with Theo's "securelevels are useless" response. They
may not be a perfect solution, but to just discard the whole idea (flaws
and all), you lose a layer of security. Layers are good.
> ? Well, you'd have to mount some other filesystem on top of the files you
> wish to circumvent first?
> Unless I'm missing something truly awful here...
>
> http://packetstormsecurity.org/0601-exploits/rt-sa-2005-15.txt
I think I'm missing something too... The example shows someone nfs
mounting a directory over an existing, populated directory. The guy is
then shocked that the flags from the files under that filesystem do not
show up??? I don't think I'd expect that. Is he suggesting that changes
made to the nfs mounted directory will somehow remain after the nfs dir is
unmounted???
If this is all the fuss, then I guess I understand why Theo is going into
"shut up and go away" mode.
C
> Rocket-
> .ike
>
>
>
More information about the talk
mailing list