Linux Today: Linux News On Internet Time.

More on LinuxToday Interview with Frank van Vliet

May 30, 2000, 04:21 (0 Talkback[s])
(Other stories by Benjamin D. Thomas)

WEBINAR: On-Demand

No-Size-Fits-All! An Application-Down Approach for Your Cloud Transformation REGISTER >

[ Thanks to Benjamin D. Thomas for this link. ]

"Frank van Vliet is the author of AuditFile, many security advisories, and recently pointed out configuration errors on We thought our readers would be interested in an interview with Frank van Vilet because of the recent paper he and Peter van Dijk released outlining the steps they took to compromise Their paper does not point out any new vulnerabilities, it merely shows how simple configuration errors can leave a system susceptible to attack. In this interview Frank explains how he audits a systems security, major pitfalls administrators fall into, and how he attempts to uncover bugs. We believe that everyone can learn something from this interview. Note: Frank uses the alias {}"

"LinuxSecurity: When and how did you gain interest in security? How did you gain your security knowledge?

Frank: When I finally switched from Windows to Linux, I spent a lot of time studying the Linux kernel source. When I finished that one I knew C enough to start coding on my own. I started working on my first security project called Auditfile. A kernel patch making it possible to restrict file access per process or per binary. This enabled me to run my apache webserver only allowing it to read default libraries (/lib/*, /usr/lib/*), read its configuration files, htdocs (wwwroot) directory, and only allowing it to write to logfiles with no further access. At the same time I took over control of the security focused group RooT66 and I joined ShellOracle I spent hours reading various texts and joined Buffer0verfl0w security I also got involved with projects like SecNet (not finished when writing this). I have done some freelance security jobs for small webhosters"

Complete Story

Related Stories: