| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Dec 2011 15:14:29 -0800
From: Gage Bystrom <themadichib0d@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: one of my servers has been compromized
Maybe I'm misreading what you said, and if so please correct me, but
whether or not the changes described were applied in the first place or not
wouldn't change the issue that if you needed root unneutered again you
would need to bring down the system. Especially if the change doesn't
really solve anything in the first place and assuming that the change can't
be reversed by root itself;that would defeat the whole purpose of even
using that option in a security context.
On Dec 6, 2011 3:05 PM, <Valdis.Kletnieks@...edu> wrote:
> On Tue, 06 Dec 2011 13:20:51 PST, Gage Bystrom said:
>
> > serious pain if suddenly you needed unneutered root again. Would likely
> > have to take the system down to fix it. Who wants to be the guy to
> explain
> > that situation to their boss?
>
> If the server is critical enough that you can't take it down to fix it, it
> should have
> been in an HA configuration in the first place. Who wants to be the guy to
> explain to the boss that you're dead in the water because of a bad system
> board?
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists