Lately there has been a lot of talk about the newly discovered (but 8 years old) bug in the 2.x Linux kernel series.
Personally, I always research such claims before going into an admin-panic, and surely enough, it paid off this time as well as before. Seems the exploits have to be executed in full user-space with at least standard shell-access. To me, local exploits are not that worrysome, because I'm the only one really using my Linux-machines physically, and the few users that DO have shell-access on them, are mostly friendly superusers with no ill intent what-so-ever.
One server is connected directly to my ISP-protected NAT access-ring, and configured with a reasonably (but strictly) secured firewall, it provides public web-services. This machine has not posed any problems, not with implementation nor security. It runs all-vanilla software and configurations.
My other server is placed in an internal LAN, 2 firewall-rings further in from the public machine, protected by a linux-based router-gateway with no public shell-access (so, no severe security risks so far). This internal LAN sever provides a webapp-database only reachable by the public machine for web-serving purposes, Windows file-sharing only accessible by the internal LAN and a mediaserver only accessible by my PlayStation3 system.
I'm not in a hurry to patch/upgrade any of them right off the bat, I'll do it when I have time...
Links:
0 kommentarer :
Post a Comment