[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[no subject]

This is a common tactic of yours, Drew, setting up the so-called 
"challenge".  I sometimes wonder whether you do these things as a means 
of getting free security audits; at any rate, I think it is important to 
observe that in this scenario, where you would know that people were 
purposefully doing things that might lead to the compromise of your 
system, you can very easily re-image or whatever it is that you do.  But 
in the real world, in which you are happily trucking along as root, you 
have no such notion of what holes there may be in your software.  And, 
frankly, some of the posts you have made to this group (as well as my 
own first-hand knowledge of some of the horrible PHP code that you have 
run on at least one of your boxes, for example), I have very little 
faith in your ability to detect, or to address, an intrusion or a 
compromise.  You continually refer to firewalls as though these were the 
holy grail of security, which they most certainly are not.  

I would rework the earlier comments, and turn them into a challenge of 
my own: if you have everything locked down so fantastically that you see 
no danger in running as root, why don't you release your insight into 
the world, whether for cash or for glory?  I quite relish the notion of 
having you explain quite HOW it is that you believe you have achieved 
this nirvana; and I quite relish the thought of all of the security 
experts looking into whatever you have done.

The only other thought I have is that the only way in which I can 
imagine you can even begin to make these claims is if you run a system 
off something akin to a 'live cd', in which system files are 
non-writeable (and in which a 'root' account may be non-powerful); if 
that's the case, I'd ask you to say so.

--George
--------------------------------------
George Carless ... kafka at antichri.st
Words are just dust in deserts of sound


</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00571" href="msg00571.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> esoteric at 3times25.net (Geoffrey)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00313" href="msg00313.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> meson3902 at gmail.com (Mark Schill)</li></ul></li>
<li><strong><a name="00475" href="msg00475.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> jimpop at yahoo.com (Jim Popovitch)</li></ul></li>
<li><strong><a name="00491" href="msg00491.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> kafka at antichri.st (George Carless)</li></ul></li>
<li><strong><a name="00509" href="msg00509.html">[ale] Linux Distributions</a></strong>
<ul><li><em>From:</em> groups at ChangingLINKS.com (ChangingLINKS.com)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00541.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00543.html">[ale] Sunday 05-22-05 6PM RUN-AS-ROOT CHALLENGE</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00509.html">[ale] Linux Distributions</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00571.html">[ale] Linux Distributions</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00542"><strong>Date</strong></a></li>
<li><a href="threads.html#00542"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>