| 1 |
On Tuesday 25 November 2008 19:58:42 RB wrote: |
| 2 |
> KDE (and to a lesser extent X) pretty much nullifies most application |
| 3 |
> isolation efforts you're going to make. |
| 4 |
|
| 5 |
Actually, that sound like there is practically no way to keep networked |
| 6 |
workstation really secure. Sure, is not trivial to gain root access through |
| 7 |
software bugs (interesting, how many list member would be able to do it?), |
| 8 |
but no one running X can claim, he has absolutely secure system, which can't |
| 9 |
fail him regardless to who is the hacker. |
| 10 |
Furthermore, the system is said to be only as secure as the weakest part, so |
| 11 |
making hardened server will only slow down attacks and, at most, ensure |
| 12 |
server stability. Still, if there is someone ready to attack servers end |
| 13 |
clients (which ones will almost always have X running), the way can be open. |
| 14 |
|
| 15 |
Can someone explain how would it happen, the exploitation of buffer overflow |
| 16 |
in X? How would attacker gain access to X bug most importantly? What are |
| 17 |
those ways for other apps? Always different? |
| 18 |
And have there been any efforts to make PaX enabled X? |
| 19 |
|
| 20 |
Personally, I think, the best way would be using firewall to allow only the |
| 21 |
most necessary addresses, which point to trusted services (mail,sftp,...). |
| 22 |
That said, web browsing is cut off. |
| 23 |
|
| 24 |
As a conclusion of what I have read this far I can state: hardened OS is |
| 25 |
useless for non-server. Would that be too much? Well, I think, in a "black |
| 26 |
and white" no. (later is a discussion of what is better: to have 3 holes or |
| 27 |
300) |
| 28 |
|
| 29 |
Comments? |
Archives