On Wed, 2005-11-30 at 10:36 +0800, John Summerfied wrote:
> I had some difficulty accessing material outside of /var/www as user
> Apache, on WBEL.

Maybe exploiting the hypothetical kernel bug doesn't require access to anything particular in the filesystem...

> Because the risk of breaking things, especially with Fedora, is greater.

This hasn't been my experience.

> I have seen two successful attacks against Linux systems in the time
> since I deployed my first Linux server, running RHL 4.0.

I've seen many more. Linux boxes get rooted, en masse and all the time. Running software with known vulnerabilities is a major factor in this.

> Both were on account of weak passwords.

This is what's left after you patch known vulnerable software. That and 0-day exploits.

> OTOH I cannot count the number of broken systems I've seen when upgrades
> failed, when upgrades succeeded but their content was broken, when
> hardware failed.

Of all the servers I manage (and all of them use automatic updates) I have never had any issues due to software updates. I concede, though, that I don't use stock kernels on servers, but customised and hardened ones. Hence, there have been no automatic kernel updates. On workstations I use manual update (as I mentioned earlier) since I wouldn't risk losing 3D screen savers due to a missing nvidia kernel module, but I check daily.

> So there you are, no penetrations at all on account of software
> vulnerabilities in umpteen years.

This is very atypical. Are your systems networked?

Cheers
Steffen.