Re: Update
- From: houghi <houghi@xxxxxxxxxxxxxxxxxx>
- Date: Sat, 13 Jan 2007 08:16:06 +0100
Snap Whipcrack.............. wrote:
> xorg-x11 server just had a security update. Question: What if you are
> using xgl server? Is it secure? This is openSUSE 10.2
Uh, what about it? First, what was the security risk in the first place?
Second, if you use the openSUSE updates, as soon as Novell has done the
update, it will be updated to your machine.
The time is normally around 2 days. The security updates I see are often
of such a form that it COULD give e.g. root access to a person already
logged in on a machine if he does a certain thing with some hardware.
The real risk is thus pretty minimal. Or it might crash a machine under
a very specific situation.
So if you tell us there was a security update, please point us to the
information telling it. Also, if you are really that scared, take a
subscription on the security mailing list.
Some idea of what are considered 'security risks' from the latest two
security updates:
1) Problem Description and Brief Discussion
A command injection in cmd.php in cacti was fixed, which might have
allowed remote attackers to inject commands and so execute code.
*MIGHT* have
1) Problem Description and Brief Discussion
This update fixes three memory corruptions within the X server which
could be used by local attackers with access to this display to crash
the X server and potentially execute code.
Mmm. Waidaminute.
1) 'attackers' need to be local, e.g. sitting at the physical machine
2) 'attackers' need to have GUI access
3) 'attackers' need to have a certain knowledge on how to crash and
thus execute code. What this code can then do I do not know.
So the security is more on the fact that your server will stop working
than that actual data will be stolen.
In a company, downtime of a server is considered a security risk to the
company. I know I work in a company of <how shall I say this politely>
that went down at noon and came up at just before everybody left for the
weekend. I have no idea whether to laugh at them or to cry with them.
The frustration comes to me when I am apparently the most knowledgeable
IT person in the company and I am not even related to, let alone in, IT.
If I were, I would be installing Linux on all the desktops already.
I would first do a test run of 1 month on 10 local machines and 15
remote machines. That should give you enough time to work on issues,
perfect scripts for updates and so on.
Then another 2 months perfecting all this. Getting 'customer' feedback
and gathering all other information. This would also be time to train
staff on how to handle issues.
Depending on those three months, time for more scripting and thinking of
a way to rollout and a timeframe for that.
Probably this will be done as follows.
1) The head office will be done on a weekend.
2) How the remote PCs will be done will depend on several things, but
most likely it will be done over a period of about a month where somebody
will drive from place to place and do the installation. Total project
time should be about 6 months.
OK, I stop writing again. :-D
houghi
--
Dr. Walter Gibbs: Won't that be grand? Computers and the programs
will start thinking and the people will stop.
-- Tron (1982)