LCE: The failure of operating systems and how we can fix it
Posted Nov 24, 2012 19:21 UTC (Sat) by Cyberax (✭ supporter ✭, #52523)
In reply to: LCE: The failure of operating systems and how we can fix it by dlang
Parent article: LCE: The failure of operating systems and how we can fix it
There is no such record (I naively thought so too). You can check the Linux source.
>I agree that in the modern Internet, that really doesn't make sense, but going back, you had trusted admins (not just of your local box, but of the other boxes you were talking to), and in that environment it worked.
A good mechanism would have been to allow users access to a range of ports. Something simple like /etc/porttab with a list of port ranges and associated groups would suffice.
>remember, these are the same people who think that firewalls are evil because they break the unlimited end-to-end connectivity of the Internet. :-)
I happen to think the same. Security should not be done on the network's border; instead, all the systems should be secured by local firewalls.
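A user-space model of the /etc/porttab idea proposed in the comment above, as an added example that is not part of the original comment and is not Linux code. The file format (a port or port range, then comma-separated groups), the group names and the function names are all assumptions.

```python
PRIVILEGED_LIMIT = 1024  # ports below this traditionally require root

# Constructed sample of the hypothetical /etc/porttab (format is an assumption).
SAMPLE_PORTTAB = """\
# ports     groups allowed to bind
80          www
443         www,ops
53          dns
600-699     batch
"""


def parse_porttab(text):
    """Return a list of (first_port, last_port, frozenset_of_groups) rules."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected '<ports> <groups>'")
        first, _, last = fields[0].partition("-")
        lo, hi = int(first), int(last or first)
        # Only privileged ports may be delegated; reject reversed ranges too.
        if not 1 <= lo <= hi < PRIVILEGED_LIMIT:
            raise ValueError(f"line {lineno}: bad port range {fields[0]!r}")
        groups = frozenset(g for g in fields[1].split(",") if g)
        if not groups:
            raise ValueError(f"line {lineno}: no groups listed")
        rules.append((lo, hi, groups))
    return rules


def may_bind(rules, port, uid, groups):
    """Decide whether a process with this uid and group set may bind to port."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    # Unchanged behaviour: root, unprivileged ports, and port 0 (kernel picks).
    if uid == 0 or port == 0 or port >= PRIVILEGED_LIMIT:
        return True
    # Default deny: a privileged port with no matching rule stays root-only.
    return any(lo <= port <= hi and allowed & set(groups)
               for lo, hi, allowed in rules)
```

A privileged port that no rule covers remains root-only, so a delegation file like this narrows who may take over a low port instead of opening all of them.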
Posted Nov 24, 2012 19:26 UTC (Sat) by dlang (guest, #313)
> There is no such record (I naively thought so too). You can check the Linux source.
Ok, I thought I remembered seeing it at some point in the past, I may have mixed it up with the ability to bind to IP addresses that aren't on the box <shrug>
I wonder how quickly someone could whip up a patch to add this ;-)
Seriously, has this been discussed and rejected, or has nobody bothered to try and submit something like this?
Posted Nov 24, 2012 19:58 UTC (Sat) by Cyberax (✭ supporter ✭, #52523)
Posted Jun 29, 2014 8:50 UTC (Sun) by stevenp129 (guest, #97662)
If user BOB wrote a program to constantly monitor Apache, and the second its PID dies, he were to fire up his own web server on port 80, he could steal sensitive information and passwords (with great ease).
On a shared hosting service (for example), if somebody neglected to update their CMS to the latest version, and the host runs their webserver without a chroot... a simple bug or exploit in a website could, in turn, allow a rogue PHP or CGI script to take over the entire server! Not good!
Or imagine your DNS server going down due to a hostile takeover... they could redirect traffic to their own off-site server, and perform phishing attacks against you and all your clients this way!
Of course there are legitimate reasons to forbid those without privs to bind to ports less than 1024... I'm not sure what is so "stupid" about this idea?
Posted Jan 10, 2013 12:03 UTC (Thu) by dps (guest, #5725)
If both a border firewall blocks some attack traffic then a security bug on an internal system is not immediately fatal and there is time to fix it before the border firewall's security is breached. If that has not happened that implies nobody worthwhile has tried or you can't detect security breaches.
In an ideal world there would be no need for security because nobody would even think of doing a bad deed. The world has never been that way.
