[cod] Disappointed
Dave Whitla
dave.whitla at ocean.net.au
Tue Nov 25 21:00:58 EST 2003
On Wed, 26 Nov 2003 10:56 am, MayDay wrote:
> This REALLY helped a lot Dave :D
No problem. I get frustrated myself when I can't trace a problem - I usually
can't sleep until I find it - not good for your health.
> I had no idea samba was that big of a security risk.
> Neither did I know that I could cause lag.
> I have both samba shares AND smbfs mounts.
> I'll remove the crap and use ftp in the future.
Don't get me wrong - Samba is a great set of applications. Just use things
wisely with discretion. One of the reasons Linux is a power-user's best
friend is that you can turn off everything that you don't need, and thereby
reduce your exposure to risk - as well as resource usage.
> server_linux is Teamspeak2, dunno why it spawned so many threads, maybe it's
> like apache, thinking it's super important and going to get 1000 connections
> in the next few min :D
This is the main reason I have replied to the list here.
Everyone please take note that running ANY network service as root is just
plain dangerous - more so when the service is relatively unproven against
exploits.
If a service does not need to bind to a port below 1024 (is an issue in most
*nixes) or access root-restricted files, create a new unprivileged user for
that service and suexec the service as that user. If the service is
compromised, any damage will be limited and relatively easy to excise.
If a service must bind below 1024, a safe start thread should start as root and
then fork as some unprivileged user - as apache and mysql do for example.
I note that many of the linux hosted COD servers out there are currently
running as root. Check stuff like this whenever you install a new network
service. Most distros are pretty good when it comes to services installed
via RPM, APT or similar - it's usually roll-your-own stuff that gets new
guys into trouble.
If none of this makes sense to you, please search the net for information
until it does - new linux users are prime targets for worms and crackers
looking for DDOS pawns.
Happy gaming guys ;-D
Dave
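
The check recommended in the message above, as an added example that is not part of the original post: a shell function that reads `lsof -nP -iTCP -sTCP:LISTEN` output and reports listeners owned by root, separating ports below 1024 (root needed only to bind) from higher ports (no reason for root). The function names, the `gamesrv` service and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Live use: lsof -nP -iTCP -sTCP:LISTEN | audit_listeners

# audit_listeners: read an lsof listing on stdin and print one line per
# root-owned TCP listener. Columns: COMMAND PID USER ... NAME (LISTEN)
audit_listeners() {
    awk '
        $1 == "COMMAND" { next }            # header row
        $NF != "(LISTEN)" { next }          # not a listening socket
        $3 != "root" { next }               # already unprivileged: fine
        {
            port = $(NF - 1)                # e.g. *:80 or 127.0.0.1:3306
            sub(/^.*:/, "", port)           # keep what follows the last colon
            if (port !~ /^[0-9]+$/) next
            key = $1 ":" port
            if (seen[key]++) next           # collapse IPv4/IPv6 duplicates
            if (port + 0 < 1024)
                printf "REVIEW %s pid=%s port=%s (root needed only to bind; confirm workers drop privileges)\n", $1, $2, port
            else
                printf "FLAG %s pid=%s port=%s (no privileged port; run as a dedicated user)\n", $1, $2, port
        }'
}

# sample_lsof: constructed listing, not taken from any real host.
sample_lsof() {
    cat <<'EOF'
COMMAND    PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd       812   root    3u  IPv4  18345      0t0  TCP *:22 (LISTEN)
sshd       812   root    4u  IPv6  18347      0t0  TCP *:22 (LISTEN)
httpd     1040   root    4u  IPv4  20111      0t0  TCP *:80 (LISTEN)
httpd     1044 apache    4u  IPv4  20111      0t0  TCP *:80 (LISTEN)
mysqld    1210  mysql   10u  IPv4  21502      0t0  TCP 127.0.0.1:3306 (LISTEN)
gamesrv   2301   root    7u  IPv4  30977      0t0  TCP *:28960 (LISTEN)
EOF
}

# Run against the constructed listing so the script works offline.
sample_lsof | audit_listeners
```

A REVIEW line is expected for a master process that binds a low port as root; the thing to confirm is that the processes handling connections run as another user, as the `apache`-owned `httpd` row does in the sample.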