Timothy Murphy writes:
> On Wednesday 07 June 2006 12:33, jm at jmason.org wrote:
> > Key point for me -- imagine being able to install an insecure swiss-cheese
> > PHP app like Gallery and *not* have to worry about all your important data
> > getting pwn3d!
>> Some ignorant questions:
>> 1) Is Gallery this photo gallery program?
> If so, in what way is it insecure?
ah, I have a thing about PHP apps and security.
PHP has historically taken a bit of a lax approach to security, in favour
of ease of programming -- see
http://www.scit.wlv.ac.uk/~jphb/php/lang/register_globals.html for an
example. The PHP team have since fixed most of this, however, afaik.
On the other hand, Gallery -- the photo gallery app -- has had a host of
exploits; 6 going by http://www.gentoo.org/security/en/glsa/ , 3 of those
being remote command execution. One,
http://www.gentoo.org/security/en/glsa/glsa-200402-04.xml , was even
caused by a "workaround" for the more secure "register globals off"
environment, by emulating the less secure mode!
Really -- that's just not a good sign.
> 2) How exactly does virtualisation preserve your important data?
By emulating a separate machine, you can keep part of your data
inaccessible, even to "root" on the other machine.
> 3) I bought a ThinkPad T20 (following your advice)
> on this mailing list, for what I now realise was an absurdly low price
> (thank you David H).
> This was running some version of VMWare, which worked fine,
> except that I could not make head or tails of peripherals.
>> I was amazed that it worked on 256MB of memory.
> It reminded me of Dr Johnson's comparision of women preachers
> with dogs that walk on their hind legs.
> "While neither does it very well, it's surprising to see it done at all."
>> In the end, I decided virtualisation was strictly for pointy-heads,
> and installed Fedora on a new hard disk (which I'm using now).
>> Do real people run Xen on their laptops?
not that I know of.
I've been considering it though ;)
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!