----- Original Message ----- From: "Brian A. Stumm" <[EMAIL PROTECTED]>
> On Mon, 15 Sep 2003, Ryan Schulze wrote: > > > Brian A. Stumm wrote: > > > > >On Mon, 15 Sep 2003, Daniel Stroven wrote: > > > > > > > > > > > >>Those #'s look awesome, but for security purposes, 2.4.9 is not really a > > >>kernel I want running. As pointed out by my friend matt, the difference in > > >>2.4.9 from 2.4.10 and higher is the VM used. But exploits like ptrace and > > >>others could make it vulnerable to remote exploits. We are going to test > > >>the kernel on the box to see results of usage. But, I doubt we will keep it > > >>if we can not make it extremely secure. > > >> > > >> > > > > > >how does this affect a box that only allows traffic on ports used by half > > >life servers? > > > > > remember that security hole in hlds where you could get a shell on the > > box running half-life? > > the fw will have to have more relaxed rules on outgoing traffic from the > > box (e.g. for VAC checks) > > if all else fails one could kill the hlds process and bind the shell to > > the hlds port. > > > > got root? *g* > > How does this pertain to the kernel version you run, thats a hlds hole not > a kernel hole. Go to http://www.securityfocus.com and type in "linux kernel" in the search box. Then you will see why to use the latest kernel when possible. Brad _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
