Re: [Xen-users] patch for vanilla kernel
On Tue, 26 Feb 2008, Valter Douglas Lisbôa Jr. wrote:
On Tuesday 26 February 2008 16:54:42 Tom Brown wrote:
On Tue, 26 Feb 2008, Tom Brown wrote:
On Tue, 26 Feb 2008, Pasi Kärkkäinen wrote:
I can not agree with that. If you're messing around on your desktop
machine, ok... you've already got root and you are the only user...
security patches aren't important in that scenario ... but if you're
providing real services to real users, and you don't want some script
kiddie wiping out your box starting from a PHP or SQL injection exploit,
then you need to be using kernels that aren't 18 months out of date.
Humm... SQL Injections don't has any issue with kernels and the PHP fails
normally runs with low level privileges on system, it could... but it's not
likely to hit the kernel without huge efforts.
wtf? There are thousands of crappy php scripts out there that can be
tricked into running arbitrary code ... add any one of the priviledge
escalation vulnerabilities and the attacker can escalate "arbitrary code"
into "root access".
Xen-users mailing list