[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Antivirus? (and firewalls)

cogNiTioN wrote:

>Couldn't this be done with 'suid'? i.e. set up a 'user' that the
>questionable programs run as, and then chown it's documented files to it,
>and have it only access them?

The danger is from programs which must be run as root, such as SATAN/SAINT.
A sandbox is designed to prevent them from doing anything malicious.

To thoroughly test your system for security holes, many sys admins choose to
run programs which walk the line between 'hacking' and security. Back
Orifice is the tool of choice for NT, while SATAN/SAINT seems to be the
state of the art in Un*x. Most such programs must be run as root.

Granted, this is outside the purview of the average new Linux user. But the
risks are similar with any program which must be run as root for purposes of
system administration.