On Tue, 15 Jun 1999, Flavio A Santos wrote:
> Dear Friend.
>
> In my opinion there is not an absolute linux security hole. Security
> problems are normaly due to misconfiguration or non secure apps.
> installed in the system.
That depends exactly how you defina a security hole. For example, there
have been a fair few DoS attacks on the kernel that couldn't be fixed by
config.
> About insecure apps. , why not to read the CERT advisoires. Take a look
> over imap, wu-ftp, sendmail etc. Depending on the Linux distribution,
> the box installs insecure apps. For example, using RedHat 5.0 you will
> install a very insecure versions of imap and bind; using RedHat 5.2 you
> will install an insecure Apache web server. I suggest also you take a
> look over the X11R6 system after reading the Security-HOWTO.
In general, if you run an old system you are likely to get insecure apps.
If your box is networked, *always* keep all the services you are running
up to date.
> In my opinion Security holes in linux are not due to the operating
> system itself, but because of the flexibility of the operating system
> combined with some lack of awareness of how to plan and configure a box
> aiming some specific need.
>
In general I'd agree, but I wouldn't go so far as to say there are no
security holes in the OS itself - no known ones, maybe.
HTH
--
Mike <[EMAIL PROTECTED]>
"Do you think there's a God?"
"Well, ____����SOMEbody's out to get me!"
-- Calvin and Hobbs
