| 1 |
On Sat, 13 May 2006 11:32:49 +0200 |
| 2 |
Simon Strandman <simon.strandman@×××××.com> wrote: |
| 3 |
|
| 4 |
> Kevin F. Quinn (Gentoo) skrev: |
| 5 |
> > On Fri, 12 May 2006 10:49:22 +0200 |
| 6 |
> > Simon Strandman <simon.strandman@×××××.com> wrote: |
| 7 |
> > |
| 8 |
> >> I installed modular X on my server running hardened. |
| 9 |
> > |
| 10 |
> > X on a server? If it's just for the libs that's ok, but running |
| 11 |
> > the X server itself is risky on a server as it's huge and suid so |
| 12 |
> > flaws can easily gain root access. One such was discovered just |
| 13 |
> > the other week |
| 14 |
> > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526). |
| 15 |
> I have my reasons. I need to run VNC on it. |
| 16 |
|
| 17 |
ok; just remember that by building vanilla you lose PIE and SSP as well |
| 18 |
(either of which can reduce the impact of buffer overflow exploits |
| 19 |
from privilege escalation to denial-of-service or less). For anyone |
| 20 |
else considering it, hardened advise sticking with 6.8 for now. |
| 21 |
|
| 22 |
-- |
| 23 |
Kevin F. Quinn |
Archives