On Thu, Sep 25, 2014 at 9:48 AM, Christopher Myers <cmyers@mail.millikin.edu> wrote:
I have a quick question for folks who run old versions of oS. I know that there are a lot of folks (myself included) who are running older versions of oS, because they don't really have a reason to upgrade - everything is working properly and has been configured over the course of many months to run smoothly and exactly the way we want/need it to.
My question is - how do other folks handle security vulnerabilities like this current bash vulnerability? Since oS isn't releasing patches for 11.4, 12.2, etc. anymore, how do you get around that? Just leave your machines vulnerable? Or compile your own patches?
Chris
For bash / shellshock, why do you think you're vulnerable? AIUI, it's not an escalation vulnerability, it just allows apps to get out of a sandbox. Thus if you have a webserver on your machine, it might let a webclient get out of the apache setup and into the machine proper. They would still only have the privileges of Apache (or whatever user you run your webserver as).

Are you running any services on those old machines that serve the Internet? If the only service is ssh, then the user has to log into ssh before trying anything. If you let those ssh users have an unlimited shell already, I don't think the vulnerability will give them any new way to penetrate your machine.

Greg