Re: What is Ghost i.e security hole in the Linux?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Allegedly, on or about 28 January 2015, Doug sent:
> ... A remote attacker able to call either of these functions could
> exploit the flaw to execute arbitrary code with the permissions of the
> user running the application....

All these security flaws come with the usual "flaw allows escalation of
privileges, able to execute arbitrary commands..." red flags, but rarely
give an understandable note about how easily an external hack can begin
the attempt while the user is doing something ordinary that exposes them
to the thing.

i.e. It's all jargon aimed at programmers.

In the dim and distant past, when I had a brief dalliance with Windows
before Linux became realistically usable, you'd commonly get warnings
about flaws which gave understandable information.  e.g. Opening a
malicious attachment, or even just reading a malicious email, with
version of <particular> program less than x.y, allows the hacker to do
destructive things to your system.

I know I've vagued-up the example, but you've got a sample of something
that you might actually do - simply read an email, not even do anything
with the attachments, get a virus because your email program stupidly
executes something embedded in it.  That's probably less of a risk to
Linux users, because we've never had stupid software like Outlook or
Outlook express.  But we've certainly got browsers with flash plug-ins
installed, which (flash) has always been a security nightmare, and it's
just not feasible to simply forbid it; so many websites that we
regularly want to use would simply fail to work.

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.

ZNQR LBH YBBX



-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux