vulnerability of Linux
John Summerfied
debian at herakles.homelinux.org
Wed Nov 30 16:06:57 UTC 2005
Steffen Kluge wrote:
> On Wed, 2005-11-30 at 10:36 +0800, John Summerfied wrote:
>
>>I had some difficulty accessing material outside of /var/www as user
>>Apache, on WBEL.
>
>
> Maybe exploiting the hypothetical kernel bug doesn't require access to
> anything particular in the filesystem...
It's pretty hard to do anything local without access to the local
filesystem:-)
>
> I've seen many more. Linux boxes get rooted, en masse and all the time.
> Running software with known vulnerabilities is a major factor in this.
>
>
>>Both were on account of weak passwords.
>
>
> This is what's left after you patch known vulnerable software. That and
> 0-day exploits.
>
From my reading, the major source of penetrations, even on Windows, is
weak passwords.
>
>>OTOH I cannot count the number of broken systems I've seen when upgrades
>>failed, when upgrades succeeded but their content was broken, when
>>hardware failed.
>
>
> Of all the servers I manage (and all of them use automatic updates) I
> have never had any issues due to software updates. I concede, though,
> that I don't use stock kernels on servers, but customised and hardened
> ones. Hence, there have been no automatic kernel updates.
>
> On workstations I use manual update (as I mentioned earlier) since I
> wouldn't risk losing 3D screen savers due to a missing nvidia kernel
> module, but I check daily.
>
>
>>So there you are, no penetrations at all on account of software
>>vulnerabilities in umpteen years.
>
>
> This is very atypical. Are your systems networked?
All are networked. One was running RHL 7.3 for some years after official
support ended, until the owner made a decison about what to do about
futher maintenance. That box _is_ the firewall, runs web server and mail
servers accessible to the world.
It's still running RHL but it has been patched.
--
Cheers
John
-- spambait
1aaaaaaa at computerdatasafe.com.au Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/
do not reply off-list
More information about the fedora-list
mailing list