On Thu, 07 Jun 2001 15:20:19 -0400, DeMoN_LaG
<[EMAIL PROTECTED]> somehow managed to type:
>When was the last time
>that Linux needed an emergency patch to fix a security hole?
Subscribe to BUGTRAQ some time.
I'm too lazy to check in detail right now, but
http://www.redhat.com/errata/rh71-errata-security.html lists 11
security patches since April 16th.
The most recent remote-root exploit was in xntpd on April 8th.
That said, Linux distributions tend to consist of several hundred
independant packages. If you only install what you need, you're going to
run into far fewer required security updates. Take a regular Linux system,
replace sendmail with qmail or postfix, uninstall the 80% of the default
packages that you don't actually use, replace BIND4/8 with BIND 9 or
djbdns, and you've got something pretty secure.
_That_ said, the reason Windows leads the world in website defacements is
that most of the published NT/2000 exploits seem to really be in IIS, so
if you replace that with another webserver, you're pretty safe too.
Charles Miller
