[280] in Coldmud discussion meeting

root meeting help first first in chain previous in chain previous next next in chain last in chain last


daemon@ATHENA.MIT.EDU (Fri May 20 09:51:23 1994 )

Date: Thu, 19 May 1994 10:47:18 -0700
From: rayn@q.crossaccess.com (Ray Nawara jr.)
To: coldstuff@MIT.EDU

Well, this is just me being paranoid, but a portmapper type thing is a
hackers dream come true... the less randome people know about the
system the more secure it is. And last nite at the colddark meeting it
was mentioned that anyone who were able to spoof connections and such
to a cold were probably not worth stopping, well in most cases
yeah. Its my intention though to run a server on a site that has
security issues, and when your talking about a server that can run
shell scripts (and who's permissions do scripts run under?) your
getting into some really nifty security issues, hence my paranoia.

another thing about portmappers. The general sun style portmapper for
rpc is a problem with secrutiy because it can be tricked into giving
trusted access, if your not careful as to how its set up. This
probably isnt as big an issue in this case.

Sorry, I'm just paranoid lately,