vulnerability of Linux

John Summerfied debian at herakles.homelinux.org
Wed Nov 30 16:06:57 UTC 2005


Steffen Kluge wrote:
> On Wed, 2005-11-30 at 10:36 +0800, John Summerfied wrote:
> 
>>I had some difficulty accessing material outside of /var/www as user 
>>Apache, on WBEL.
> 
> 
> Maybe exploiting the hypothetical kernel bug doesn't require access to
> anything particular in the filesystem...

It's pretty hard to do anything local without access to the local 
filesystem :-)

> I've seen many more. Linux boxes get rooted, en masse and all the time.
> Running software with known vulnerabilities is a major factor in this.
> 
> 
>>Both were on account of weak passwords.
> 
> 
> This is what's left after you patch known vulnerable software. That and
> 0-day exploits.
> 
From my reading, the major source of penetrations, even on Windows, is 
weak passwords.

> 
>>OTOH I cannot count the number of broken systems I've seen when upgrades 
>>failed, when upgrades succeeded but their content was broken, when 
>>hardware failed.
> 
> 
> Of all the servers I manage (and all of them use automatic updates) I
> have never had any issues due to software updates. I concede, though,
> that I don't use stock kernels on servers, but customised and hardened
> ones. Hence, there have been no automatic kernel updates.
> 
> On workstations I use manual update (as I mentioned earlier) since I
> wouldn't risk losing 3D screen savers due to a missing nvidia kernel
> module, but I check daily.
> 
> 
>>So there you are, no penetrations at all on account of software 
>>vulnerabilities in umpteen years.
> 
> 
> This is very atypical. Are your systems networked?

All are networked. One was running RHL 7.3 for some years after official 
support ended, until the owner made a decision about what to do about 
further maintenance. That box _is_ the firewall, runs web server and mail 
servers accessible to the world.

It's still running RHL but it has been patched.

-- 

Cheers
John

-- spambait
1aaaaaaa at computerdatasafe.com.au  Z1aaaaaaa at computerdatasafe.com.au
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list
