
Re: [Xen-users] patch for vanilla kernel



On Tue, 26 Feb 2008, Valter Douglas Lisbôa Jr. wrote:

On Tuesday 26 February 2008 16:54:42 Tom Brown wrote:
On Tue, 26 Feb 2008, Tom Brown wrote:
On Tue, 26 Feb 2008, Pasi Kärkkäinen wrote:

I can not agree with that. If you're messing around on your desktop
machine, ok... you've already got root and you are the only user...
security patches aren't important in that scenario ... but if you're
providing real services to real users, and you don't want some script
kiddie wiping out your box starting from a PHP or SQL injection exploit,
then you need to be using kernels that aren't 18 months out of date.
Humm... SQL injections don't have any issue with kernels, and the PHP fails
normally run with low-level privileges on the system, it could... but it's not
likely to hit the kernel without huge efforts.

wtf? There are thousands of crappy PHP scripts out there that can be tricked into running arbitrary code ... add any one of the privilege escalation vulnerabilities and the attacker can escalate "arbitrary code" into "root access".