[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Server restored after Compromise

On Friday 14 July 2006 01:03, Adam James wrote:
> On Thu, 13 Jul 2006 23:23:22 +0200 (CEST)
> "Gudjon I. Gudjonsson" <gudjon@mc2.chalmers.se> wrote:
> >    How worried should I be? Do you think it is OK to wait for an
> > official Debian packaged kernel or should I download some tonight from
> > kernel.org and compile myself?
> Be worried if you allow untrusted users shell access to your systems.
> I'm no security expert, but I'm willing to bet that there are tens (if
> not hundreds) of 0-day local exploits in the Linux 2.6 source code.

Is this activity sponsored, and thus constitite a job for someone where to 
live from? Or is it simply an activity by threatening phenotypes who deserve 
hopitalization for mental illness?

Be happy not to be in any of the two categories.

francesco pietra

> 'Security' within a source tree that incorporates ~10MB of patches per
> month is an illusion (in my humble opinion).
> Don't get me wrong, I run a server with a 2.6 kernel, but be aware that
> if a malicious user ever gains access to an unprivileged account, they
> would have no trouble in compromising the system.
> --Adam

Reply to: