On 29 July 2010 14:40, Daniel Pittman <[email protected]> wrote:
> dave b <[email protected]> writes:
>> On 28 July 2010 12:23, Matthew Hannigan <[email protected]> wrote:
>>> On Tue, Jul 27, 2010 at 04:04:05PM +1000, Ben Donohue wrote:
>>> [ .... ]
>>>> How about a DNS, squid and web server with multiple name based
>>>> virtual domains on the same box?
>>>>
>>>> Is doing the above really dangerous on a fully patched and up to
>>>> date system?
>>> Also depends on the webapp.
>>> I'd be more comfortable with java (especially with security
>>> manager on) which is after all another form of vm.
>> Java is like php, there are also language flaws coming out to bite you real
>> soon. /me mutters something about OH MY THEY ESCAPED FROM THE JVM.
>
> Do you have a reference for that?

Here is a recent example :)
http://blog.cr0.org/2009/05/write-once-own-everyone.html
You can find older examples as well :)

> ...but why? What actual security value does that add, compared to the vanilla
> kernels which do, oh, everything listed in their bullet point feature list,
> and out of the box covers over eighty percent of them?

Good :) - but not chroot break out prevention, further aslr improvements etc.

> Pro tip: asserting that an RBAC system will increase security is silly without
> actually understanding how it will be used; people can do things just as badly
> with RBAC as without.

Sure, but grsecurity also has some other features :)

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
