On Sun, Dec 07, 2003 at 01:55:36PM -0500, Danny Cox wrote:
> You really should consider 2.4.23, or at least apply the patch to
> do_brk() that 2.4.23 fixed. Of course, if this is a stand-alone machine
> with no other logins, you may not care.
logins don't matter, if its connected to a network and runs any
service it needs to be patched. gentoo was not compromised with a
local login, someone got uid=rsyncd via rsync then used the kernel to
bottom line if you don't bother to fix so called local holes, then you
may as well just run all services as root, running a service non-root
does not buy you any additional securtity if there are local root holes.
> Either I'm getting more paranoid in my old age, or the security guys
> are beginning to rub off on me.... ;-)
Description: PGP signature