On Sun, Feb 03, 2002 at 02:12:31PM +0100, Manuel Bouyer wrote:
> > But it could be when we open ports like ssh.
> Sorry I don't understant. ssh isn't started from inetd.

Forget about it - I was too sleepy when I wrote that so its junk.

> > > This is so that you can run df on an unmounted filesystem
> > But only administrator or operator should do that.
> Why ?

What for they have to look at unmounted filesystem like eg. floppy ?

> You don't secure a system by removing suid bits, but my removing binaries that
> you don't need, and check permissions on the ones that you left.
> This can't be done in a generic way, it depends on the application.

Yes, I know, rm -Rf / is the best way to make system secure... :)
What files you're talking about ?
gcc ?
Files with suid bit's are dangerous, because they can be exploited if there
are bugs in them or just using bug in signal-handling on some systems.

-- 
Wojciech Bojdoł
High-Tech Consulting