Yes, the ptrace kernel-exploit is a very good example, and even if you have no local users, you could think of it like -ALL PROGRAMS RUN AS ROOT-, and since this is a hlds-list, you should remember the hlds-remote-shell-exploit against 3.1.1.0c, which would root your box in no time with an old kernel.
- Sindre >===== Original Message From "Matt H." <[EMAIL PROTECTED]> ===== >You know I'm not going to argue this. Regardless a high uptime in the linux >and or opensource community is considered holy. Yes there are cons to it , >but it's your server and you can do whatever you want with it. if you prefer >a low uptime, and a more secure kernel with more robust newer features then >have at it ( this is what I do on my own desktop box ) , if you prefer not >messing with a kernel and keeping your server up for long periods of time >then do that ( I do this with my proxy server ) . I do both , if your >thinking my proxy is vunerable , its not. I have a very sophisticated >firewall script handling everything coming in and out. Plus on top of that >there is no remote connection to my proxy server, if I make a changes to it, >its done physically on the console to it. All I'm saying is , that if you >know what your doing , you can make a system with an insecure kernel a very >secure system, regardless if the kernel has some exploit for it ( google >ptrace for an example of a kernel exploit ). That's my two cents, and my last >posting for this thread. > >Matt H. > > >On Thursday 16 October 2003 10:55 pm, Z Teknology HLDS Email wrote: >> > Then don't allow anyone access to machine and keep it firewalled.. via >> > iptables.. Laugh all you want about this, but I know some admins who >> > don't switch kernels or update it that often, what they want is a high >> > uptime. >> >> It >> >> > shows customers that your systems are stable reliable.. etc >> >> Stable and reliable and vulnerable to attacks due to out of date kernals... >> >> Zack Sloane >> http://zteknology.com >> We put the personal back in personal computers! >> >> >> >> >> _______________________________________________ >> To unsubscribe, edit your list preferences, or view the list archives, >> please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux > >_______________________________________________ >To unsubscribe, edit your list preferences, or view the list archives, please visit: >http://list.valvesoftware.com/mailman/listinfo/hlds_linux _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
