From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <56157d3abcc337653efa45c01fc613dd@mightycheese.com>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] 4th edition file server available
From: "rob pike, esq."
In-Reply-To: <14897aa3a24d632f340f30863deb7850@hamnavoe.demon.co.uk>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="upas-zwycocmezkhugxpchcrtffxqmt"
Date: Mon, 13 Jan 2003 09:19:37 -0800
Topicbox-Message-UUID: 40751ee4-eacb-11e9-9e20-41e7f4b1d025

This is a multi-part message in MIME format.
--upas-zwycocmezkhugxpchcrtffxqmt
Content-Disposition: inline
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

A less drastic step would be to disable network ports such as
cpu and telnet, to require people to use the console to debug.

-rob

--upas-zwycocmezkhugxpchcrtffxqmt
Content-Type: message/rfc822
Content-Disposition: inline

Return-Path: <9fans-admin@cse.psu.edu>
Received: from killy.mspring.net ([207.69.231.40] verified)
  by mail.mightycheese.com (CommuniGate Pro SMTP 3.4.7)
  with ESMTP-TLS id 432988 for rob@mail.mightycheese.com; Mon, 13 Jan 2003 11:07:42 -0600
Received: from mail.cse.psu.edu (psuvax1.cse.psu.edu [130.203.4.6])
  by killy.mspring.net (8.12.5/8.8.6) with ESMTP id h0DH7dXg063593
  for ; Mon, 13 Jan 2003 12:07:39 -0500 (EST)
Received: from psuvax1.cse.psu.edu (psuvax1.cse.psu.edu [130.203.18.6])
  by mail.cse.psu.edu (CSE Mail Server) with ESMTP
  id 0DED219981; Mon, 13 Jan 2003 12:05:46 -0500 (EST)
Delivered-To: 9fans@cse.psu.edu
Received: from hamnavoe (hamnavoe.gotadsl.co.uk [213.208.117.150])
  by mail.cse.psu.edu (CSE Mail Server) with ESMTP id 898281998A
  for <9fans@cse.psu.edu>; Mon, 13 Jan 2003 05:01:33 -0500 (EST)
Message-ID: <14897aa3a24d632f340f30863deb7850@hamnavoe.demon.co.uk>
To: 9fans@cse.psu.edu
Subject: Re: [9fans] 4th edition file server available
From: Richard Miller
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Sender: 9fans-admin@cse.psu.edu
Errors-To: 9fans-admin@cse.psu.edu
X-BeenThere: 9fans@cse.psu.edu
X-Mailman-Version: 2.0.11
Precedence: bulk
Reply-To: 9fans@cse.psu.edu
List-Id: Fans of the OS Plan 9 from Bell Labs <9fans.cse.psu.edu>
List-Archive:
Date: Mon, 13 Jan 2003 10:01:30 0000

> One advantage (as I understood it) of using a specialized kernel
> was a form of security -- there were *no* user mode programs
> whose bugs could be exploited.

It went further than that: you couldn't even exploit a buffer overflow
to exec a shell, because there was no shell and no exec.

Would it be feasible, as part of bootstrapping a minimal fossil server,
to remove or otherwise disable the exec system call once everything
was running?

-- Richard

--upas-zwycocmezkhugxpchcrtffxqmt--