Paul Howarth wrote:
> On Wed, 2005-07-13 at 13:13 -0500, Mike McCarty wrote:
>> Paul Howarth wrote:
>>> On Wed, 2005-07-13 at 11:10 -0500, Mike McCarty wrote:
>>>> [snip]
>>>> So, what is my "vulnerability"?
>>>> This is a serious question.
>>>
>>> Nobody knows what vulnerabilities there may be. That's why it's
>>> important to have multiple layers of security.
>>>
>>> A vulnerability has recently been discovered in part of the
>>> image-handling code that's used in Explorer. Suppose a similar
>>> vulnerability existed in Mozilla. A carefully crafted image on a website
>>> you visited could result in your Mozilla running a cracker's code. That
>>> could run a process that sat around on your system and periodically
>>> logged on to an IRC channel to collect jobs to run, such as send out a
>>> bunch of spam or even worse. So never assume you are safe.
>>
>> I don't assume that I am safe. I want to know what my vulnerability is.
>> Apparently, you don't know, either, and can't answer my question.
>> Thanks for the response, though.
>
> My point was that there's no way of knowing what undiscovered
> vulnerabilities there are on your system, so having multiple layers of
> defences such as firewalls, mounting /var and /tmp partitions with
> noexec, SELinux etc. all help to mitigate the risk.

Ah, an answer. I'm perhaps vulnerable to something being put into
/var or /tmp (/tmp world writable) and then being executed from there.
Now that's useful information. So, I possibly should remove '..x..x..x' from
/tmp? That's an idea. BTW, on my system, /tmp is not a separate volume.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
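
Added example, not part of the original messages: a shell check for the noexec layer discussed above, which finds the mount that actually governs a directory (the longest matching mount point) and reports whether it carries `noexec`. This covers the case where /tmp is not a separate volume and so inherits the options of `/`. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: device, mount point, type, options.
# /tmp has no entry of its own here (it is not a separate volume).
sample_mounts() {
cat <<'EOF'
/dev/hda2 / ext3 rw 0 0
/dev/hda3 /var ext3 rw,nosuid 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/hda1 /boot ext3 rw,noexec 0 0
EOF
}

# governing_mount DIR: reads a mount table on stdin and prints
# "mountpoint options" for the longest mount point that is a path prefix
# of DIR. "/var" must not match "/variable", so compare against mp "/".
governing_mount() {
    awk -v dir="$1" '
    {
        mp = $2
        if (mp == "/" || dir == mp || index(dir, mp "/") == 1) {
            if (length(mp) > best_len) {
                best_len = length(mp); best = mp; opts = $4
            }
        }
    }
    END { if (best != "") print best, opts }'
}

# check_noexec DIR: mount table on stdin. Returns 0 if the governing mount
# has noexec, 1 if execution is allowed, 2 if no mount was found.
# noexec is a mount option; it is separate from the x bits in the
# directory's own permission mode.
check_noexec() {
    result=$(governing_mount "$1") || return 2
    [ -n "$result" ] || return 2
    mp=${result% *}       # everything before the last space
    opts=${result##* }    # everything after the last space
    case ",$opts," in
        *,noexec,*) echo "$1: noexec (governed by mount $mp)"; return 0 ;;
        *)          echo "$1: exec allowed (governed by mount $mp)"; return 1 ;;
    esac
}

# Demo run against the constructed table.
for d in /tmp /var /var/tmp; do
    sample_mounts | check_noexec "$d" || true
done
```

On a live Linux system the same check runs against the real table with `check_noexec /tmp < /proc/mounts`.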