Mailinglist Archive: opensuse (3031 mails)
| < Previous | Next > |
Re: [opensuse] OpenSuse 11
- From: Sloan <joe@xxxxxxxxxx>
- Date: Thu, 07 Feb 2008 12:55:37 -0800
- Message-id: <47AB7049.8000205@xxxxxxxxxx>
Benji Weber wrote:
You make it sound trivial but the fact is, a bad guy will have a hell
of a lot of problems trying to get root remotely on a modern linux distro.
Please elaborate on the above statement - provide details, examples
because it all sounds very vague and alarming but there are no specifics.
ssh open, but tcp wrappers severely limits the list of IPs allowed to
connect and the "allow_users" line in sshd_config severely limits the
list of users allowed to connect. If that were not enough, sshd runs
with privilege separation, so that if a bad guy managed to break sshd,
he'd get only the rights of an unprivileged user.
Well, that's an interesting belief, but it flies in the face of
overwhelming empirical evidence.
Right, the old "windows security problems are due solely to it's
overwhelming popularity" mindset often entertained by the proverbial
random "man on the street". It's IMHO a naive viewpoint, since it
completely ignores the architectural differences between peecee and unix
operating systems.
Joe
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
This is not the case. A browser running as a user can do anything the
user is allowed to do. For example an exploit in the browser or image
viewing library which can be exploited through malicious javascript or
crafted image could potentially delete all your user files. It could
be used to launch a denial of service attack or spam from your machine
(no need for root for this). If combined with a local root exploit
(which are not uncommon) it could potentially even get root and have
full control over the system. Same applies to your mail client, irc
client, and other such applications.
You make it sound trivial but the fact is, a bad guy will have a hell
of a lot of problems trying to get root remotely on a modern linux distro.
If you completely ignore security by
blindly visiting pages with possible malware on, or running all email
attachments etc, even on openSUSE/GNU/Linux you are vulnerable.
Please elaborate on the above statement - provide details, examples
because it all sounds very vague and alarming but there are no specifics.
If you have an ssh server listening on the internet and you watch yourSure, all sorts of failed attempts to login every day, because I have
logs I would be surprised if you have not noticed brute force attacks.
Precautions such as strong passwords and fail2ban are important even
for home machines if you run sshd.
ssh open, but tcp wrappers severely limits the list of IPs allowed to
connect and the "allow_users" line in sshd_config severely limits the
list of users allowed to connect. If that were not enough, sshd runs
with privilege separation, so that if a bad guy managed to break sshd,
he'd get only the rights of an unprivileged user.
GNU/Linux systems are no less exploitable than windows.
Well, that's an interesting belief, but it flies in the face of
overwhelming empirical evidence.
The only reason you have a false sense of security now is that you are
not a significant enough target for malware authors. When that changes
if too many people have the same attitude then there will be a
problem.
Right, the old "windows security problems are due solely to it's
overwhelming popularity" mindset often entertained by the proverbial
random "man on the street". It's IMHO a naive viewpoint, since it
completely ignores the architectural differences between peecee and unix
operating systems.
Joe
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |