[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] patch for vanilla kernel
On Tue, 26 Feb 2008, Valter Douglas Lisbôa Jr. wrote: On Tuesday 26 February 2008 16:54:42 Tom Brown wrote:On Tue, 26 Feb 2008, Tom Brown wrote:On Tue, 26 Feb 2008, Pasi Kärkkäinen wrote: I can not agree with that. If you're messing around on your desktop machine, ok... you've already got root and you are the only user... security patches aren't important in that scenario ... but if you're providing real services to real users, and you don't want some script kiddie wiping out your box starting from a PHP or SQL injection exploit, then you need to be using kernels that aren't 18 months out of date.Humm... SQL Injections don't has any issue with kernels and the PHP fails normally runs with low level privileges on system, it could... but it's not likely to hit the kernel without huge efforts. wtf? There are thousands of crappy php scripts out there that can be tricked into running arbitrary code ... add any one of the priviledge escalation vulnerabilities and the attacker can escalate "arbitrary code" into "root access". _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |