WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] patch for vanilla kernel

On Tue, 26 Feb 2008, Valter Douglas Lisbôa Jr. wrote:

> On Tuesday 26 February 2008 16:54:42 Tom Brown wrote:
> > On Tue, 26 Feb 2008, Tom Brown wrote:
> > > On Tue, 26 Feb 2008, Pasi Kärkkäinen wrote:
> >
> > I cannot agree with that. If you're messing around on your desktop
> > machine, ok... you've already got root and you are the only user...
> > security patches aren't important in that scenario ... but if you're
> > providing real services to real users, and you don't want some script
> > kiddie wiping out your box starting from a PHP or SQL injection exploit,
> > then you need to be using kernels that aren't 18 months out of date.
>
> Humm... SQL injections don't have any issue with kernels, and the PHP fails
> normally run with low-level privileges on the system; it could... but it's not
> likely to hit the kernel without huge efforts.

wtf? There are thousands of crappy PHP scripts out there that can be tricked into running arbitrary code ... add any one of the privilege escalation vulnerabilities and the attacker can escalate "arbitrary code" into "root access".