Just a short note to all of you:
Linux is not secure. Passwordless root is here :-*
Yes, it has been published elsewhere, but I’ll do mine to push this meme to you: there can be no “untrusted local users” nor do I believe that your services aren’t exploitable.
Two seconds later I have root on your box.
Despite LSM. Despite SELinux. Despite jails and virtualization. Despite all your assumptions.
You will need some very fine security gents and a little of your own smarts to secure your nets. Call us :-)
The best link on this issue so far has been:
Do you want security? Go run carpal-tunnel-inducing OpenBSD, swell swell if only it smelled well FreeBSD, or, *drum rolls*
Only disadvantage I can see is that they don’t provide amd64 and desktop builds.
Diligence and perseverance are the path to victory, and although paranoia may not be the path to safety, no one should leave their front door open.
In other news, and probably a little lame for those of you coming thru the planet feed, security.vcl is here – properly used, understood and abused it could save you some worries, making sure no “untrusted user” went “local” in the first place.
Also, tell your friends: there is a Facebook virus about. It sends links to you from your friends' accounts. If you click on the link, you too will be sending your friends links.
Yeah, I know, that sounds like what I do on Facebook all day. Except the difference is you don’t know you’re sending links.
So watch out.
And tell your less savvy friends.