Re: Recent Linux vulnerabilities

From: Leonardo Eloy (leonardo@morphus.com.br)
Date: Thu Jan 20 2005 - 08:38:25 EST


Rainer Duffner escreveu:

> Michael Richardson wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>>
>> First, many of those reports are 2.6 specific.
>> Many deployed systems are running 2.4, which does not have anywhere near
>> as many issues.
>
You're right, but some of the issues I related are vulnerable in both
kernel series.

>>
>>
>>
>
>
> Indeed. But even 2.4 has had more than enough bugs - though the
> situation with 2.6 is really disastrous, IMO.

I think both kernel series hasn't considered secure programming as on of
the issues, when submitting patches. As Alan Cox said "/if you plot
things like 'buffer overflow' 'structure passed to user space not
cleaned' 'maths overflow check error' against time you'll see they show
definite patterns with spikes decaying at different rates towards
zero./" [http://kerneltrap.org/node/4570], but until we reach that
point, we must be very careful with systems we deploy.

> I'm glad my main servers run BSD ;-)

Oh god! :P

> Though not all my customers have that "privilege".
>
>
>> Second, "local exploits" mean you need to get a local user.
>> If you assume that, then you can assume a lot of other things too.
>
That's my question! :)
Have you guys been using more kernel-based method to gain superuser
level or program-based exploits?

>>
>
>>
>
> If all your PHP-apps are tight and secure, then yes.
> Unfortunately, this isn't the case. Dare I say phpBB ?
> Or look at other well-known PHP-projects - almost none of them can run
> in PHP-safemode and some have to tweak multiple php.ini-values to "a
> little bit less-secure" values.
> In combination, the results can be very bad.
> It's really becoming a nightmare.
>
>
>
> cheers,
> Rainer
>

-- 
Leonardo Eloy, LPIC-1, FCSE
Analista de Segurança
Morphus Tecnologia
Fone/Fax: 85 3452.5733/5737
Móvel: 85 8802.6740
e-mail: leonardo@morphus.com.br
site: http://www.morphus.com.br
As informações existentes nessa mensagem e nos arquivos anexados são para uso restrito, sendo seu sigilo protegido por lei. Caso não seja destinatário, saiba que leitura, divulgação ou cópia são proibidas. Favor apagar as informações e notificar o remetente. O uso impróprio será tratado conforme as normas da empresa e a legislação em vigor.
The information contained in this message and in the attached files are restricted, and its confidentiality protected by law. In case you are not the addressee, be aware that the reading, spreading and copy of this message is unauthorized. Please, delete this message and notify the sender. The improper use of this information will be treated according the company's internal rules and legal laws.


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:14 EDT