On Sat, 13 May 2006 11:32:49 +0200
Simon Strandman <simon.strandman@×××××.com> wrote:

> Kevin F. Quinn (Gentoo) wrote:
> > On Fri, 12 May 2006 10:49:22 +0200
> > Simon Strandman <simon.strandman@×××××.com> wrote:
> >
> >> I installed modular X on my server running hardened.
> >
> > X on a server? If it's just for the libs that's ok, but running
> > the X server itself is risky on a server as it's huge and suid so
> > flaws can easily gain root access. One such was discovered just
> > the other week
> > (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1526).
> I have my reasons. I need to run VNC on it.

ok; just remember that by building vanilla you lose PIE and SSP as well
(either of which can reduce the impact of buffer overflow exploits
from privilege escalation to denial-of-service or less). For anyone
else considering it, hardened advise sticking with 6.8 for now.

--
Kevin F. Quinn