[plug] Linux security idea - maybe
Craig Ringer
craig at postnewspapers.com.au
Thu Jun 12 21:25:01 WST 2003
> Actually, many many more breakins are due to the cracking of daemons
> running as root, and that's the first thing that should be eliminated
> where at all possible. Where not possible, a privelege-separated model
> needs to be used where the root process is very small and simple, using
> only well-documented APIs to communicate with the non-root part of the
> daemon.
... and of course chrooted daemons always help, too. Trust me to forget
the simple(er) stuff.
More information about the plug
mailing list