Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2006 Feb 18 23:27

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Re: [vox] Biggest uptimes!



Don Armstrong wrote:
> On Sat, 18 Feb 2006, trixter aka Bret McDanel wrote:
> 
>>Wasn't it a desire for a long uptime that caused Debian to not install
>>a patch for a known kernel vulnerability and they got owned because
>>of that?
> 
> 
> No, it was a slightly more complicated situation involving a
> non-Debian machine being broken into and a password sniffed which was
> used to break into a debian.org machine and then use a copy of
> unpatched suid binaries which were sitting around to elevate to root
> on master, and then break into other machines from there.

There was indeed a known kernel vulnerability[1], but it wasn't realized
to be severe until after the Debian attack when it was assigned
CAN-2003-0961, and the fix hadn't made it into a release kernel until
after Debian was attacked.

So there was no uptime macho involved here. In fact, it would have been
more macho to apply the fix at that point by running a prerelease kernel
than to not apply the fix and stick with a stable kernel. Nevertheless,
there was a kernel exploit.

--Ken Bloom

[1] http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html

-- 
I usually have a GPG digital signature included as an attachment.
See http://www.gnupg.org/ for info about these digital signatures.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
vox mailing list
vox@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox

