[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Re: Kernel versions 2.2.x are also affected by new Kernel bug!



On Tuesday 15 June 2004 06:45, Boris B. Zhmurov wrote:

> On 15.06.2004 14:20 you said the following:
> | The bug is classified "Gravierend" in Heise Newsticker, which I do
> | not fully comply with. This is a post-auth local DoS that there
> | exist
>
> many of
>
> | these days. All of those have a simple cure: userdel -r.
>
> And what about hosting providers with thousands of clients? User can
> upload exploit via ftp and execute it via httpd.
> Internet Service Providers have to userdel -r too?

Not just "yes", but "hell, yes".  For one, if you have a user/customer 
that would do that to your system, you don't need them, no matter how 
much they pay.  Also, most hosting TOS/AUPs prohibit that kind of 
behavior.  If I had a customer who did that to my system, his account 
would be cancelled and his name given to the other ISPs and hosting 
providers in town before that machine was finished rebooting.

-- 
Homepage			http://scott.exti.net
XFce desktop environment	http://www.xfce.org
Goodies for the XFce desktop	http://xfce-goodies.berlios.de
GPG public key ID: 811B00AB

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here