Vulnerabilities in udev
Mike.McCarty at sbcglobal.net
Mon Apr 27 12:37:03 PDT 2009
Bruce Dubbs wrote:
Thanks for your reply.
> Mike McCarty wrote:
>> I am not expert, so I perhaps am not able to see how the vulnerabilities
>> listed affect my machine. Could you be more specific about how the
>> vulnerabilities are subject to exploit? I'd appreciate that very much.
>> IOW, I'd like to see something which would allow us to evaluate what
>> our exposure might be.
> You're right Mike, not all vulnerabilities are equal. However it is good
> practice to fix known vulnerabilities. If, for instance, you decided to run a
It is also good practice not to replace otherwise working code with
possibly defective code, especially if the possibility of exploit
is small to nonexistent. I was hoping to get information to enable
me to evaluate my risk to exploit.
> web server or even give yourself the capability to ssh into the system from
> outside your home and there was a problem with that server software, a local
> vulnerability could then lead to a root compromise.
Yes, certainly. Neither of those is anything I ever intend to do.
ISTM that the exposure my machine has is nil at present, and I see
no reason to risk running unseasoned changes unless one can demonstrate
actual possibility of exploit. For that reason, I am wary of publishing
blanket recommendations for all users to replace working software
simply because there is a known vulnerability. A vulnerability with
no possibility of exploit is not a liability. Unseasoned code is a
greater risk in that circumstance.
Thanks also for the instructions!
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!