LinuxSecurity.com: Interview with Frank van Vliet

By ServerWatch Staff (Send Email)
Posted May 30, 2000


"Frank van Vliet is the author of AuditFile, many security advisories, and recently pointed out configuration errors on apache.org. We thought our readers would be interested in an interview with Frank van Vilet because of the recent paper he and Peter van Dijk released outlining the steps they took to compromise apache.org. Their paper does not point out any new vulnerabilities, it merely shows how simple configuration errors can leave a system susceptible to attack. In this interview Frank explains how he audits a systems security, major pitfalls administrators fall into, and how he attempts to uncover bugs. We believe that everyone can learn something from this interview. Note: Frank uses the alias {}" Frank van Vliet is the author of AuditFile, many security advisories, and recently pointed out configuration errors on apache.org.

"LinuxSecurity: When and how did you gain interest in security? How did you gain your security knowledge?

Frank: When I finally switched from Windows to Linux, I spent a lot of time studying the Linux kernel source. When I finished that one I knew C enough to start coding on my own. I started working on my first security project called Auditfile. A kernel patch making it possible to restrict file access per process or per binary. This enabled me to run my apache webserver only allowing it to read default libraries (/lib/*, /usr/lib/*), read its configuration files, htdocs (wwwroot) directory, and only allowing it to write to logfiles with no further access. At the same time I took over control of the security focused group RooT66 http://root66.nl.eu.org and I joined ShellOracle http://www.shelloracle.org. I spent hours reading various texts and joined Buffer0verfl0w security http://b0f.freebsd.lublin.pl I also got involved with projects like SecNet http://irc.secnet.org (not finished when writing this). I have done some freelance security jobs for small webhosters."

Page 1 of 1


Comment and Contribute

Your name/nickname

Your email

(Maximum characters: 1200). You have characters left.