
Re: OpenSSL version 0.9.7e ?!



On Thursday, 16.11.2006 at 21:50 +0100, Stephan Seitz wrote:

> On Thu, Nov 16, 2006 at 08:25:00PM +0000, Dave Ewart wrote:
> >to which the machine is put.  Kernel bugs are normally only
> >exploitable by local users; SSL bugs are most likely to be
> >exploitable remotely.  If
> 
> Only partly true, I think. If you have a server application like
> apache, which has a bug giving you a shell, you can then use the local
> exploit to become root. So you should think a little ahead, that’s
> safer. ;-)

Yes, that's why I said that this was only 'generally' true.  The above
compromise relies on an Apache (remote) exploit as well as any
subsequent local kernel exploit.

Anyway, as a general rule: keep your systems security-patched, and use
an OS which allows you to do this without introducing new/different
functionality :-)

Dave.
-- 
Please don't CC me on list messages!
...
Dave Ewart - davee@sungate.co.uk - jabber: davee@jabber.org
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
