From: Tom N on
On 2008-01-25, Manuel Reimer <mreimer(a)expires-31-01-2008.news-group.org> wrote:
> Hello,
>
> X.Org has published a security advisory, which informs about several
> vulnerabilities in the X server, which could cause privilege escalation:
>
> http://lists.freedesktop.org/archives/xorg/2008-January/031918.html
>
> So far, there is no patch for Slackware available. Just publishing here
> in case someone has missed it and wants to create a new package on
> his own.
>
> CU
>
> Manuel (who hopes we'll soon get a patch...)
>

Thanks for your good intentions.

I just checked in the closet and under the bed. No malicious hackers
there.

Do you think they might be disguised as ordinary pieces of furniture?
Or maybe they are in the basement dressed up to resemble earwigs
and salamanders?

I've seen a thousand security alerts like this, and ignored every one
of them and all the supposed sage advice of the security experts and
just exercised common sense.

Never had a problem.

Even if I did, and some malicious hacker took over my OS and even
destroyed it, so what? I have backups.

It really isn't worth having a tizzy fit and spending my life
knocking myself out trying to plug alleged security holes every
time some paranoid thinks I should.

Near as I can tell the paranoid security experts and the malicious
hackers are the same people....I don't trust either group.

Just like I don't trust cops or criminals in the real world.

As for X, I keep its networking functionality turned off (port
6000 tcp) except when I'm expecting a remote user to connect.
And even with it open I have to specifically make a door in
my firewall for it, so I don't have much to worry about...

No one I don't really trust is ever allowed to login to my box, here
or remotely.

Tom

--
calhobbit
at gee mail dot com




From: Beej Jorgensen on
Tom N <tom(a)somewhere.invalid> wrote:
>Even if I did, and some malicious hacker took over my OS and even
>destroyed it, so what? I have backups.

What if they take over your computer and do something illegal with it?
Then you'll have some 'splaining to do.

-Beej

From: Henrik Carlqvist on
Tom N <tom(a)somewhere.invalid> wrote:
> Even if I did, and some malicious hacker took over my OS and even
> destroyed it, so what? I have backups.

Good for you, you can enjoy your lonely life with your computer. You don't
have to worry about whether you, the single user on your computer, will
become root without permission.

Others, who are responsible for many computers in a corporate or school
environment, will have to take messages like this more seriously. In those
environments most users are not supposed to have root privileges. Also,
in those environments you must assume there are people who want to gain
information they shouldn't have.

regards Henrik
--
The address in the header is only to prevent spam. My real address is:
hc3(at)poolhem.se Examples of addresses which go to spammers:
root(a)localhost postmaster(a)localhost

From: Tom N on
On 2008-01-25, Beej Jorgensen <beej(a)beej.us> wrote:
> Tom N <tom(a)somewhere.invalid> wrote:
>>Even if I did, and some malicious hacker took over my OS and even
>>destroyed it, so what? I have backups.
>
> What if they take over your computer and do something illegal with it?
> Then you'll have some 'splaining to do.

Golly! What if a meteor fell out of the sky and hit me on the head?

Paranoia has no limits. I don't play that foolish game.

Wasn't I clear in my first post, Henny Penny?

Tom

--
calhobbit
at gee mail dot com

From: Tom N on
On 2008-01-25, Henrik Carlqvist <Henrik.Carlqvist(a)deadspam.com> wrote:
> Tom N <tom(a)somewhere.invalid> wrote:
>> Even if I did, and some malicious hacker took over my OS and even
>> destroyed it, so what? I have backups.
>
> Good for you, you can enjoy your lonely life with your computer. You don't
> have to worry about whether you, the single user on your computer, will
> become root without permission.
>
> Others, who are responsible for many computers in a corporate or school
> environment, will have to take messages like this more seriously. In those
> environments most users are not supposed to have root privileges. Also,
> in those environments you must assume there are people who want to gain
> information they shouldn't have.

And assume they have the skills to do it.

And that no one is monitoring their activities.

The first is rare and the second would be irresponsible.
You can't patch every potential security hole, but you
CAN monitor the users. And that's the responsibility
of the administrators, is it not?

Tom

--
calhobbit
at gee mail dot com