xfs
[Top] [All Lists]

Re: advice: 3ware+raid+xfs

To: XFS Mailing List <linux-xfs@xxxxxxxxxxx>
Subject: Re: advice: 3ware+raid+xfs
From: Ethan Benson <erbenson@xxxxxxxxxx>
Date: Mon, 8 Dec 2003 23:19:11 -0900
In-reply-to: <1070823336.1358.5.camel@pip>
Mail-copies-to: nobody
Mail-followup-to: XFS Mailing List <linux-xfs@xxxxxxxxxxx>
References: <Pine.SOL.4.58.0312071202250.20497@xxxxxxxxxxxxxxxxxxxx> <1070823336.1358.5.camel@pip>
Sender: linux-xfs-bounce@xxxxxxxxxxx
User-agent: Mutt/1.3.28i
On Sun, Dec 07, 2003 at 01:55:36PM -0500, Danny Cox wrote:
> 
>       You really should consider 2.4.23, or at least apply the patch to
> do_brk() that 2.4.23 fixed.  Of course, if this is a stand-alone machine
> with no other logins, you may not care.

logins don't matter, if its connected to a network and runs any
service it needs to be patched.  gentoo was not compromised with a
local login, someone got uid=rsyncd via rsync then used the kernel to
get root.

bottom line if you don't bother to fix so called local holes, then you
may as well just run all services as root, running a service non-root
does not buy you any additional securtity if there are local root holes.

>       Either I'm getting more paranoid in my old age, or the security guys
> are beginning to rub off on me.... ;-)

good.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgpNT9HibRq6L.pgp
Description: PGP signature

<Prev in Thread] Current Thread [Next in Thread>