Re: SECURITY PROBLEM OR NOT
From: phn@icke-reklam.ipsec.nu
Date: 11/27/02
- Next message: gr: "Re: SECURITY PROBLEM OR NOT"
- Previous message: Richard Caley: "Re: SECURITY PROBLEM OR NOT"
- In reply to: Michel De Rouck: "SECURITY PROBLEM OR NOT"
- Next in thread: Bruce Barnett: "Re: SECURITY PROBLEM OR NOT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: phn@icke-reklam.ipsec.nu Date: Wed, 27 Nov 2002 11:43:41 +0000 (UTC)
Michel De Rouck <michel.de-rouck@steria.be> wrote:
> *** post for FREE via your newsreader at post.newsfeed.com ***
> I know this is the way it works on some UNIX flavours ( I don't know if
> ALL off them have the same problem)
> I could find solutions to work arround this problem ....
> But my question remains , is there someone who could confirm that this
> is not a security breach against C2
> security certification ?
> If not , could someone explain why it is not against C2 security ??
Security-aware programmers don't use environmental and process arguments.
On some unices you can also "clear them out" , there will be a short
instance where they are visible.
So this is a "well-known" effect of how un*x works. Nothing new here.
Restricting access to "other processes" is possible, but is not
giving any real security.
Restricting a users possibility to execute anything but a limited
list of applications will give a much better security. ( man chroot, jail)
--
Peter Håkanson
IPSec Sverige ( At Gothenburg Riverside )
Sorry about my e-mail address, but i'm trying to keep spam out,
remove "icke-reklam" if you feel for mailing me. Thanx.
- Next message: gr: "Re: SECURITY PROBLEM OR NOT"
- Previous message: Richard Caley: "Re: SECURITY PROBLEM OR NOT"
- In reply to: Michel De Rouck: "SECURITY PROBLEM OR NOT"
- Next in thread: Bruce Barnett: "Re: SECURITY PROBLEM OR NOT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
