vulnerability of Linux

Steffen Kluge kluge at fujitsu.com.au
Wed Nov 30 04:45:31 UTC 2005


On Wed, 2005-11-30 at 10:36 +0800, John Summerfied wrote:
> I had some difficulty accessing material outside of /var/www as user 
> Apache, on WBEL.

Maybe exploiting the hypothetical kernel bug doesn't require access to
anything particular in the filesystem...

> Because the risk of breaking things, especially with Fedora, is greater.

This hasn't been my experience.

> I have seen two successful attacks against Linux systems in the time 
> since I deployed my first Linux server, running RHL 4.0.

I've seen many more. Linux boxes get rooted, en masse and all the time.
Running software with known vulnerabilities is a major factor in this.

> Both were on account of weak passwords.

This is what's left after you patch known vulnerable software. That and
0-day exploits.

> OTOH I cannot count the number of broken systems I've seen when upgrades 
> failed, when upgrades succeeded but their content was broken, when 
> hardware failed.

Of all the servers I manage (and all of them use automatic updates) I
have never had any issues due to software updates. I concede, though,
that I don't use stock kernels on servers, but customised and hardened
ones. Hence, there have been no automatic kernel updates.

On workstations I use manual update (as I mentioned earlier) since I
wouldn't risk losing 3D screen savers due to a missing nvidia kernel
module, but I check daily.

> So there you are, no penetrations at all on account of software 
> vulnerabilities in umpteen years.

This is very atypical. Are your systems networked?

Cheers
Steffen.
