
Reducing Privilege


Attacks on setuid programs or daemons are supposed to escalate privilege

Can we reduce the amount of privilege that privileged programs have?

Yes -- using Privilege Revocation ...

ping, ping6, portmap
rpc.rstatd, rpc.rusersd
traceroute, traceroute6
rwalld, pppd, spamd, authpf
ftpd, named, httpd

.. and Privilege Separation

sshd, syslogd, pflogd, isakmpd
X server, xterm
xdm, xconsole

But first we need some new uid's and gid's ...


