Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Re: Linux kernel source archive vulnerable

Re: Linux kernel source archive vulnerable

From: Troy Cregger <tcregger_at_kennedyinfo.com>
Date: Fri, 22 Sep 2006 09:40:30 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I mentioned that the gentoo kernel does not have this problem, other
distros have been shown to have safe file permissions in the kernel
tree, so there is a way to have permissions 'fixed' on distribution. But
before that, and ultimately, it's up to us to ensure that our systems
are secure...

> So if a car is designed with a steering wheel that punctures your chest
> if you get in a crash and you are not wearing a seatbelt, that is not a
> disgn flaw because you should wear a seatbelt?

Correct.

The point I think, that's been made in this thread already, it's a
matter of dogma, and best practices. To use the car analogy again, most
cars have airbags, but there's still plenty of them out there that don't
and it's up to the people who drive them to fasten the seat belt.

Personally, I have an airbag AND wear a seatbelt.
T.

Schanulleke wrote:
> Chris Umphress wrote:
>>> That assumes a proper umask. The kernel source should not depend on
>>> the end user's umask being setup properly.
>> Is it the kernel developers' fault if your umask is extremely lax for
>> a normal user? If it is lax, security of the kernel source isn't your
>> only problem.... Security in general is.
>>
>
> So what you say is.
> If there is a fault in a system that you could mitigate by certain
> behaviour, then it is your own responcibility to take that behaviour and
> the fault should not be fix.
>
> So if a car is designed with a steering wheel that punctures your chest
> if you get in a crash and you are not wearing a seatbelt, that is not a
> disgn flaw because you should wear a seatbelt?
>
> Ever heard of defense in depth????
>
> Schanulleke
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

- --
Troy Cregger
Lead Developer, Technical Products.
Kennedy Information, Inc
One Phoenix Mill Ln, Fl 3
Peterborough, NH 03458
(603)924-0900 ext 662
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFE+fOnBEWLrrYRl8RAqbVAJ9mtuOfLaprYFjyVX9UZ+dQOq4+9wCeNow+
2o7gSb4Shtdyex9qqnXxZK8=
=1CKh
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Sep 22 2006

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]