[Gllug] Anti-virus

Mike Brodbelt mike at coruscant.demon.co.uk
Thu Oct 24 19:01:19 UTC 2002


On Wed, 2002-10-23 at 10:00, Mark Lowes wrote:
> On Tue, 2002-10-22 at 15:45, Tethys wrote: 

> Multiple BIND problems over the last few years, the regular holes in
> ftpd's, IMAP is a regular offender as well. 

BIND has been a particularly bad offender true. IMAP problems have
however been restricted to the UW server, IIRR. I can't recall a
security problem with Cyrus.
 
> The risk in this sort of code is greater on the machine level than an
> exploit in user level programs because many of them need root privs to
> play with the high ports :(

But they can drop those privs as soon as they've bound to the port.
Cyrus runs as a non root user, as does sendmail these days for most
operations, and I think bind can also be run as non-root now.

>  However as we've seen far too many times in
> the last few years the user level problems in mail clients and the like
> cause more problems on the network. 

Indeed. User level code is more worrying. Linux may be immune to viruses
ni that they can't touch system level programs, but it's not hard to
conceive of a "virus" which destroyed the users home directory and
mailed itself to all the email addresses in their Moz profile, or
similar. It wouldn't infect the machine, but would do more than enough
damage, nonetheless.

Mike.



-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list