Bruce Dubbs wrote:
Thanks for your reply.
> Mike McCarty wrote:
>
>> I am not expert, so I perhaps am not able to see how the vulnerabilities
>> listed affect my machine. Could you be more specific about how the
>> vulnerabilities are subject to exploit? I'd appreciate that very much.
>> IOW, I'd like to see something which would allow us to evaluate what
>> our exposure might be.
>
> You're right Mike, not all vulnerabilities are equal. However it is good
> practice to fix known vulnerabilities. If, for instance, you decided to run
> a
It is also good practice not to replace otherwise working code with
possibly defective code, especially if the possibility of exploit
is small to non existent. I was hoping to get information to enable
me to evaluate my risk to exploit.
> web server or even give yourself the capability to ssh into the system from
> outside your home and there was a problem with that server software, a local
> vulnerability could then lead to a root compromise.
Yes, certainly. Neither of those is anything I ever intend to do.
ISTM that the exposure my machine has is nil at present, and I see
no reason to risk running unseasoned changes unless one can demonstrate
actual possibility of exploit. For that reason, I am wary of publishing
blanket recommendations for all users to replace working software
simply because there is a known vulnerability. A vulnerability with
no possibility of exploit is not a liability. Unseasoned code is a
greater risk in that circumstance.
Thanks also for the instructions!
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
--
http://linuxfromscratch.org/mailman/listinfo/lfs-support
FAQ: http://www.linuxfromscratch.org/lfs/faq.html
Unsubscribe: See the above information page
