From: Rick Moen (rick at domain linuxmafia.com)
Date: Tue 25 Jun 2002 - 22:55:48 IST
Quoting Colm MacCárthaigh (colmmacc at domain redbrick.dcu.ie):
> The curious thing is that the move to PrivSep is not necessary.
> From reading the notice, it says that the problem isn't exploitable
> (though is possibly present) while using PrivSep, and that's great,
> I can see it being a good argument for using Privilege Separation
> as an interim solution until the fix is available. I'll buy that,
> no problem.
Prior discussion seems to assume that only Theo and a close circle of
associates know the exact nature of the vulnerability. I think prudence
dictates assuming that either the bad guys already do, too, or will
imminently. Thus, priv sep, if it works, helps you right now by putting
another barrier in their way (escalating access).
So, your security exposure goes way down for the entire period until you
apply an effective patch for the (undisclosed) hole.
--
Cheers,
Rick Moen
rick at domain linuxmafia.com

The difference between common sense and paranoia is that common sense
is thinking everyone is out to get you. That's normal; they are.
Paranoia is thinking they're conspiring. -- J. Kegler