Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Mac OS X Security Competition Ends in 30 Minutes

Some Random Username Re:Think about your ridiculous statement a little. (388 comments)

"No, you don't understand how CGI access works. Nor do you understand about jails. Nor do you understand about running previously approved/audited/secure CGI vs. letting users install their own. Nor do you understand about running httpd (or whatever) as a chrooted user who only has read/write access to a very limited (and secure) space."

In fact I do. And less than 1% of those servers have anything like that setup. Because people won't pay for completely useless webhosting (suprise!).

"Not sure where you got the whole nologin idea from. Not sure why you're talking about linux misconceptions. The "subject at hand" was an OSX server where they allowed ssh, which is certainly a whole lot more access than CGI on a jailed or chrooted suid nobody http account - even with CGI access."

But its exactly the same amount of access as > 99% of webhosting companies give you. Which is what I said.

"Like I said: there are thousands of OSX machines on the net right now. Acting as servers. One of them vended ssh access and got hacked. The other thousands are doing just fine."

Like I said, supplying web hosting for people is something anyone should reasonably expect to be able to do with a unix machine. OS X has lots of local root exploits which make it impossible to safely provide web hosting for people (serving up only static files is not webhosting anyone will pay for). Pretending local root exploits don't matter because "people shouldn't have shell access" is rediculous. There's legitimate reasons to have local users. And besides that, local root exploit + remote non-priviledged exploit = remote root.

more than 8 years ago


Some Random Username hasn't submitted any stories.



not really a journal entry

Some Random Username Some Random Username writes  |  more than 9 years ago

This isn't a journal entry, this is just here in case VolciMaster decides to look at my profile and wants to continue the age of the earth discussion we had barely started.

Slashdot Login

Need an Account?

Forgot your password?