Public
- Public
- Network
- Groups
- Featured
- Popular
- People

@lanodanlanodan wrote: Hi, maybe for the Linux side of things it could use capabilities(7) and/or something like AppArmor+SELinux? capabilities would allow to drop all SuperUser privileges and only keep the ones needed. AppArmor/SELinux would allow to also restrict capabilities and their actions further.

Download link

@lanodanlanodan wrote: Hi, maybe for the Linux side of things it could use capabilities(7) and/or something like AppArmor+SELinux? capabilities would allow to drop all SuperUser privileges and only keep the ones needed. AppArmor/SELinux would allow to also restrict capabilities and their actions further.
https://misskey-taube.s3.eu-central-1.wasabisys.com/files/defc51ce-fab8-43f3-893a-615e7f8155c2.webp

Notices where this attachment appears

Embed this notice
niconiconi (niconiconi@mk.absturztau.be)'s status on Tuesday, 20-Aug-2024 19:34:16 JST niconiconi

When I was installing my first mail server years ago, I saw mbox and thought, "Seriously? Who still uses this ancient format from the original Unix..." and changed that to Maildir without thinking. When reviewing old news today, TIL I unconsciously hardened my server from that infamous 2020 OpenSMTPD root exploit. :blobcatlul: Turned out the ancient mbox format also made it difficult to drop privileges... Also, @lanodan@queer.hacktivis.me, hi. https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/

In conversation about 3 months ago from mk.absturztau.be permalink