[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian Server Compromise -- A Fire Drill ??

On Thursday 04 December 2003 12:17 pm, Dave wrote:
> On Thu, 04 Dec 2003 18:00:18 +0100, Tom <tb.31123.nospam@comcast.net> wrote:
>  >On Thu, Dec 04, 2003 at 10:15:12AM -0600, John Hasler wrote:
>  >> ...  That's why the kernel
>  >> developers thought it was just an ordinary bug: they could see no way to
>  >> exploit it.
>  >
>  >That statement is somewhat disconcerting.  The hypothesis is that many
>  >eyes detect secure bugs, and here is clear case evidence contradicting
>  >that hypothesis.
> There is no contradiction.  Many eyes detect most security problems, but 
> not all.  This is certainly better than just a few eyes with access to 
> proprietary code.

There is also the point that *somebody* found this bug.  Just not the
folks we were hoping would. ;-)  Letting real crackers hammer your
system is another way to find bugs, although we hope it's a last resort.

Terry Hancock ( hancock at anansispaceworks.com )
Anansi Spaceworks  http://www.anansispaceworks.com

Reply to: