Quoting Colm MacCárthaigh (colmmacc at redbrick.dcu.ie):
> The curious thing is that the move to PrivSep is not necessary.
> From reading the notice, it says that the problem isn't exploitable
> (though is possibly present) while using PrivSep, and that's great,
> I can see it being a good argument for using Privilege Separation
> as an interim solution until the fix is available. I'll buy that,
> no problem.

Prior discussion seems to assume that only Theo and a close circle of
associates know the exact nature of the vulnerability. I think prudence
dictates assuming that either the bad guys already do, too, or will
imminently. Thus, priv sep, if it works, helps you right now by putting
another barrier in their way (escalating access).
So, your security exposure goes way down for the entire period until you
apply an effective patch for the (undisclosed) hole.

Cheers,
Rick Moen
rick at linuxmafia.com

The difference between common sense and paranoia is that common sense
is thinking everyone is out to get you. That's normal; they are.
Paranoia is thinking they're conspiring. -- J. Kegler