> I just noticed 011_openssl.patch and installed it on my 4.1 i386 system.
> Does anyone have any idea to what extent I risked being hacked? If the
> risk was significant, what is the best way to check if someone's been naughty?
If anyone competent is being naughty, you probably wouldn't know
unless your ssl-ized server died.
OTOH, I've seen no credible reports of a working exploit on anything,
nevermind running with propolice, w^X, stackgap, etc... That doesn't mean
someone might not develop the exploit, if possible, for OpenBSD first, but
something tells me I'm going to hear about Loonix boxes running apache getting
sodomized first, if ever someone can get one working.
It's kind of like going hiking with someone who is fatter and slower
at climbing trees than you are, rather than carrying bear deterrent [1]
-Bob
[1] yes, I carry bear deterrent..
