Re: Heads Up.

Robert Hiltibidal (rob@rob.fgi.net)
Mon, 21 Jul 1997 06:02:30 -0500 (CDT)

Morning,

On Sat, 19 Jul 1997, Jon Lewis wrote:

> What do you mean when you say "looking at the code to exploit umount"? If
> I remember correctly, it's just another buffer overflow, and on most
> servers there's little reason for mount/umount to be suid anyway.

The particular website in question has c++ code that trivialises such
things as "data buffer overflow". Sometimes, when you pull the code apart
you can make other measures that protect against them. I, for one, find
nfs a real cool service as well as samba. Both of these use mount and
umount. We're currently working on a project where those that need to can
access win95 and nt hard drives as well as printers from a linux box.

Anyone can lock a box down. Just put xinetd or set up your tcp wrappers to
deny everything except from a particular source. The real challenge is
enablement of these services without getting compromised.

> That's what I thought. Then I found Lantronix mini-switches. The ones we
> got don't do 100mb, don't do SNMP, don't do anything other than switch and
> have 8 ports switchable between half and full duplex. They're dirt
> cheap...about $350 from distributors. We have 3 of them. It's better
> than non-switched ether, but certainly not as nice as a high end 24 port
> switch...though for our purposes, we needed at least 2 separate switches
> anyway.

Our current needs indicate a pair of switches creating a 100mbps backbone.
Off of the individual 10 mbps segments we'll hang the servers, routers,
portmasters, etc. The current network design doesn't handle the load
logically. Therefore the need for something more... Tho I'd be hard
pressed to say which is better: token ring at 12mbps or fast, switched
ether.

Right now, fast ether seems to be the more economical vote.

Rob

Systems Programmer "Open the doors of your stores
rob@fgi.net 24 hours a day"
morgan@springpatch.com Springpatch Mall
http://www.springpatch.com