Re: vulnerability of Linux

Steffen Kluge wrote:
On Wed, 2005-11-30 at 10:36 +0800, John Summerfied wrote:

I had some difficulty accessing material outside of /var/www as user Apache, on WBEL.


Maybe exploiting the hypothetical kernel bug doesn't require access to
anything particular in the filesystem...

It's pretty hard to do anything local without access to the local filesystem:-)



I've seen many more. Linux boxes get rooted, en masse and all the time.
Running software with known vulnerabilities is a major factor in this.


Both were on account of weak passwords.


This is what's left after you patch known vulnerable software. That and
0-day exploits.

From my reading, the major source of penetrations, even on Windows, is weak passwords.


OTOH I cannot count the number of broken systems I've seen when upgrades failed, when upgrades succeeded but their content was broken, when hardware failed.


Of all the servers I manage (and all of them use automatic updates) I
have never had any issues due to software updates. I concede, though,
that I don't use stock kernels on servers, but customised and hardened
ones. Hence, there have been no automatic kernel updates.

On workstations I use manual update (as I mentioned earlier) since I
wouldn't risk losing 3D screen savers due to a missing nvidia kernel
module, but I check daily.


So there you are, no penetrations at all on account of software vulnerabilities in umpteen years.


This is very atypical. Are your systems networked?

All are networked. One was running RHL 7.3 for some years after official support ended, until the owner made a decision about what to do about further maintenance. That box _is_ the firewall, runs web server and mail servers accessible to the world.

It's still running RHL but it has been patched.




--

Cheers
John

-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx  Z1aaaaaaa@xxxxxxxxxxxxxxxxxxxxxxx
Tourist pics http://portgeographe.environmentaldisasters.cds.merseine.nu/

do not reply off-list

