[NTLUG:Discuss] Securing a RH6.0 box
Chris Cox
cjcox at acm.org
Tue Aug 31 23:09:19 CDT 1999
The 2600 Hackers Quarterly article mentions monitoring the bugtraq
mail list (I do this at work) and implementing "proven" fixes
for buffer overflows and the like.....as well as a VERY simple
yet profound statement.....that /tmp (and other world writable
areas) should have the partition mounted for no setuid....since
hackers tend to try to dump/create their dirty work in the world
writeable areas....seems like a good idea.
Regards,
Chris
"J. Reeves Hall" wrote:
>
> I'm running a Red Hat 6.0 box, and I've given an Indian hacker/friend
> permission to attack it in one week. He's strongly hinted that he plans
> to do a buffer overflow. The only conditions are a) petty DoS isn't fair
> game unless it results in root access, and b) rm -rf / isn't legal. I
> need advice on securing this box. What insecurities exist by default on
> RH6.0? I really want to defeat this dude :)
>
More information about the Discuss
mailing list