[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: apache security issue (with upstream new release)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, 01 Nov 2003 at 05:15:34PM -0500, Adam ENDRODI wrote:
> I tend to disagree, I'm afraid.  The presence of remotely
> exploitable bugs in user applications (be it a client of some
> networked game, or a PDF viewer) impose a great risk on the user,
> i.e. not on the system (which protects its integrity), but the
> user who is actually running the program.  For the sake of
> assurance, just imagine how an accidentally executed `rm -rf /'
> on behalf of your desktop uid would affect the rest of the day for you..

I really hate to be the voice of technicality...but...

If you are really looking for assurance than 'rm -rf /' would not affect
your day because weekly full backups and nightly incremental should be
made.  If you don't have valid off system, perhaps off-site backups,
then what kind of assurance do you really have?

- -- 
Phillip Hofmeister

PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
- --
Excuse #247: Your process is not ISO 9000 compliant 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/pFSVS3Jybf3L5MQRAsB6AJwNyi+JmzHRueapkrpwTbh6XT9IkACfRLBe
LJi14tZl/pCqLaiyoiCTf8Y=
=X0Xy
-----END PGP SIGNATURE-----



Reply to: