Note: This archive passes through spamassassin. Every mail marked with the subject "*****SPAM*****" has exceed a certain threshold of spam-like behaviour.

Re: [Users] running freeswan as user nobody - anyone?

From: Linas Vepstas (linas_at_linas.org)
Date: Sat Jun 29 2002 - 01:05:42 CEST

Next message: Brian: "[Users] Working Road Warrior Config"
Previous message: Linas Vepstas: "Re: [Users] iptables for ipsec with NAT?"
In reply to: Giacomo Mulas: "Re: [Users] running freeswan as user nobody - anyone?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

FYI,

On Fri, Jun 28, 2002 at 09:29:28AM +0200, Giacomo Mulas was heard to remark:
> exploited to break in) as an unprivileged user, chrooted if at all
> possible, is always a very good idea, in my book. At very least, if

There *are* some very cool 'mandatory access controls' for linux, some
of which are 'better' than 'mere chrooting'.

One of my very favorite ones was 'lomac', in part because it was
nearly trivial to configure/install. I say 'was', because it has
fallen into disrepair, and has not been ported to the 2.4.x kernels.
But it had a mervelous security model which most of the 'more
sophisticated' MAC's would do well to understand and emulate.

--linas

-- 
pub  1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas_at_linas.org>
PGP Key fingerprint = 8305 2521 6000 0B5E 8984  3F54 64A9 9A82 0104 5933

application/pgp-signature attachment: stored

_______________________________________________ Users mailing list Users_at_lists.freeswan.org http://lists.freeswan.org/mailman/listinfo/users

Next message: Brian: "[Users] Working Road Warrior Config"
Previous message: Linas Vepstas: "Re: [Users] iptables for ipsec with NAT?"
In reply to: Giacomo Mulas: "Re: [Users] running freeswan as user nobody - anyone?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:17 CEST