Re: Release Notes: Anyone working on upgrade-related release notes?
On Saturday 02 April 2005 02:32, Javier Fernández-Sanguino Peña wrote:
> On Fri, Apr 01, 2005 at 07:19:20AM -1000, Joey Hess wrote:
> > I'd assume that anyone who installed woody, did not notice that the
> > boot-floppies did not install a kernel package but just put files
> > on disk, and is now upgrading the sarge has probably been rooted in
> > the meantime by any of the hundred+ kernel security holes that have
> > been found since the last update of the boot-floppies kernels in
> > 2002..
> Well, in order to get rooted he probably would have to allow somebody
> untrusted in
[ ... ]
No need to wait for being "allowed" in. There's been plenty of remote
vuln. in many popular services the last couple of years. Many have
likely found their way in to the system through one of those, and then
further been able to get root via some local kernel vuln.
Frederik Dannemare | mailto:firstname.lastname@example.org
http://frederik.dannemare.net | http://www.linuxworlddomination.dk
Key fingerprint = 30CF 7AD3 17D9 1A63 A730 ECA6 0D4C 2C97 9D9A 238E