Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!



Mac OS X Security Competition Ends in 30 Minutes

Some Random Username Re:Think about your ridiculous statement a little. (388 comments)

"No, you don't understand how CGI access works. Nor do you understand about jails. Nor do you understand about running previously approved/audited/secure CGI vs. letting users install their own. Nor do you understand about running httpd (or whatever) as a chrooted user who only has read/write access to a very limited (and secure) space."

In fact I do. And less than 1% of those servers have anything like that setup. Because people won't pay for completely useless webhosting (suprise!).

"Not sure where you got the whole nologin idea from. Not sure why you're talking about linux misconceptions. The "subject at hand" was an OSX server where they allowed ssh, which is certainly a whole lot more access than CGI on a jailed or chrooted suid nobody http account - even with CGI access."

But its exactly the same amount of access as > 99% of webhosting companies give you. Which is what I said.

"Like I said: there are thousands of OSX machines on the net right now. Acting as servers. One of them vended ssh access and got hacked. The other thousands are doing just fine."

Like I said, supplying web hosting for people is something anyone should reasonably expect to be able to do with a unix machine. OS X has lots of local root exploits which make it impossible to safely provide web hosting for people (serving up only static files is not webhosting anyone will pay for). Pretending local root exploits don't matter because "people shouldn't have shell access" is rediculous. There's legitimate reasons to have local users. And besides that, local root exploit + remote non-priviledged exploit = remote root.

more than 8 years ago


Some Random Username hasn't submitted any stories.



not really a journal entry

Some Random Username Some Random Username writes  |  more than 9 years ago

This isn't a journal entry, this is just here in case VolciMaster decides to look at my profile and wants to continue the age of the earth discussion we had barely started.

Slashdot Login

Need an Account?

Forgot your password?