[snip]
> We have never had a known, provable break-in of any kind, not
> counting the engineers blue-screening the Windows machines
> by throwing funny packets at them.
Muhahahahah.
Wake up. A good comprimise is one you never know about.
There are people out there running scripts which probe networks and
classify services (i.e. host x.y.z.n running apache 1.2.2 on port 80...)
and store those for later.
An new attack comes out, with a remote exploit and even a fix.
The attacker adds the exploit to his software, and tells the software to
try the attack against all hosts matching a certian rule.
The attacker goes to bed. You are still *in* bed.
45 minutes after the announcement, 4hours until you wake.. The attackers
auto-attack hits your first system.
If you system is a somewhat stock configuration, the attackers scripts
will root, backdoor (including invisable kernel mods), and remove all
visiable traces of itself in 30 seconds flat and it will leave a nice note
in the attackers email.
You'll get up in the morning, safe in the knoweldge that you are secure,
as you apply the fix out to your systems.
If you are taking care of your systems, you will be secure against all
know and old attacks. If people are unwilling to do even that, they are
screwed. The system should not attempt to make you secure from your own
ignorance.
What is important, is that the system helps you when you *can't* help
yourself. It needs to help you against new and unknown attacks if
possible.
This is what the no-exec stack patch is for. It's not to replace good
security measures, it's to agument them.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/