lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040722163422.A29547@ubzr.zsa.bet>
From: measl at mfn.org (J.A. Terranson)
Subject: Vulnerability in sourceforge.net

On Thu, 22 Jul 2004, Gregory A. Gilliss wrote:

> Really...FreeBSD comes with user nobody set to /sbin/nologin out of the
> box.

And this is bad or related how?  I really do not see the connection to
this default setting (a reasonable one) and an admin's failure to config
their web server properly.

> Maybe they should have chosen a better host OS?

What on earth does the host OS have to do with this?

> On or about 2004.07.22 07:49:53 +0000, Todd Towles (toddtowles@...okshires.com) said:
>
> > Sounds like they should have configured that page a bit different...made it
> > run under a little less access...or said I say..it is a mis-configuration.

Exactly!  This is host OS independent.

-- 
Yours,

J.A. Terranson
sysadmin@....org
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
	- - -

  "There aught to be limits to freedom!"    George Bush
	- - -

Which one scares you more?


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ