On Wed, 1 Nov 2000, Derek D. Martin wrote:
> On Wed, 1 Nov 2000, Jeffry Smith wrote:
>
> > Even better, TAKE IT OFF THE SYSTEM! Code that isn't on the system
> > isn't a security risk (i.e. they can't somehow turn it on).
>
> Nah... I agree in principle but if they've compromised the system and
> gotten shell access, it's a simple matter to install via rpm or apt-get on
> the vast majority of Linux systems. Not worth worrying about.
>
If they've compromised your system. However, if all they manage to do
is get access sufficient to run a program on the system that they know
has holes, they can use it. Call it paranoid, but it does take adding
it back from thier site (which takes time, changes the amount of disk
space used, etc). If it's not their, and I see it show up
(/usr/bin/ftp suddenly appears), I know something's wrong.
Basically, all the security is to prevent them from compromising your
system (OK, if you get into the B levels of security, you can do some
compartmentalizing of the risks, but I don't think Linux is there yet
- the closest I know of is to use User Mode Linux, everything passes
up, so the most they compromise is one Linux instance [I think, I
admit not being hugely familiar with UML])
------------------------------------------------------------------------
Jeffry Smith Technical Sales Consultant Mission Critical Linux
[EMAIL PROTECTED] phone:603.930.9739 fax:978.446.9470
------------------------------------------------------------------------
Thought for today: doc /dok/ n.
Common spoken and written shorthand for
`documentation'. Often used in the plural `docs' and in the
construction `doc file' (i.e., documentation available on-line).
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
