1 |
On Tuesday 25 November 2008 19:58:42 RB wrote: |
2 |
> KDE (and to a lesser extent X) pretty much nullifies most application |
3 |
> isolation efforts you're going to make. |
4 |
|
5 |
Actually, that sound like there is practically no way to keep networked |
6 |
workstation really secure. Sure, is not trivial to gain root access through |
7 |
software bugs (interesting, how many list member would be able to do it?), |
8 |
but no one running X can claim, he has absolutely secure system, which can't |
9 |
fail him regardless to who is the hacker. |
10 |
Furthermore, the system is said to be only as secure as the weakest part, so |
11 |
making hardened server will only slow down attacks and, at most, ensure |
12 |
server stability. Still, if there is someone ready to attack servers end |
13 |
clients (which ones will almost always have X running), the way can be open. |
14 |
|
15 |
Can someone explain how would it happen, the exploitation of buffer overflow |
16 |
in X? How would attacker gain access to X bug most importantly? What are |
17 |
those ways for other apps? Always different? |
18 |
And have there been any efforts to make PaX enabled X? |
19 |
|
20 |
Personally, I think, the best way would be using firewall to allow only the |
21 |
most necessary addresses, which point to trusted services (mail,sftp,...). |
22 |
That said, web browsing is cut off. |
23 |
|
24 |
As a conclusion of what I have read this far I can state: hardened OS is |
25 |
useless for non-server. Would that be too much? Well, I think, in a "black |
26 |
and white" no. (later is a discussion of what is better: to have 3 holes or |
27 |
300) |
28 |
|
29 |
Comments? |