[DGD] Alternatives to the Kernel model of security...
Greg Lewis
glewis at eyesbeyond.com
Wed Jan 28 20:09:26 CET 2004
On Wed, Jan 28, 2004 at 10:55:39AM -0800, Noah Gibbs wrote:
> --- "Felix A. Croes" <felix at dworkin.nl> wrote:
> > I'm not sure if I agree with you on the security of
> > allowing telnet
> > shell access to a mud server host :)
>
> This is a good point. While it'd be possible to do
> tricks like chroot() to limit some kinds of damage, it
> *wouldn't* be possible to prevent DOS attacks on the
> MUD by using too much of the server's resources.
Erm, if you're going to do this, at least require ssh rather than telnet
(these are accounts on the machine after all, not MUD accounts) and write
a restricted shell for those users. For extra points, require SSH keys
rather than password access. Ideally, run the MUD in a FreeBSD jail(8)
or in something like user mode Linux (you should be doing this anyway).
--
Greg Lewis Email : glewis at eyesbeyond.com
Eyes Beyond Web : http://www.eyesbeyond.com
Information Technology FreeBSD : glewis at FreeBSD.org
_________________________________________________________________
List config page: http://list.imaginary.com/mailman/listinfo/dgd
More information about the DGD
mailing list