[TriLUG] Re: Security through obsolescence

Jerry gordon at med.unc.edu
Mon Jun 10 16:46:10 EDT 2002


trilug-request at trilug.org wrote:
Message: 14
> From: Sinner from the Prairy <sinner at escomposlinux.org>
> Organization: escomposlinux.org
> To: trilug at trilug.org
> Date: Fri, 7 Jun 2002 11:51:32 -0400
> Subject: [TriLUG] Security through obsolescence
> Reply-To: trilug at trilug.org
> 
> Hi there,
> 
> After reading about firewalls running at runlevel zero, security through
> obsolescence is just another interesting idea.
> 
> At least I cannot "break" the reasoning. Can you?
> 
> http://newsforge.com/article.pl?sid=02/06/05/1228236&tid=2
> 
> What do you think?
> 
> Salut,
> Sinner
> --
> RedHat QA Test Engineer  --  Running RedHat 7.3 on i386smp
> http://www.ibiblio.org/sinner/
> 
> --__--__--

Hello,
	I can imagine a scenario in which a vulnerability in a code base is
discovered after an OS version is no longer supported so that there will
be no patch. I understand it will still be more work to get any use from
attacking the old OS if the attack script assumes the locations of files
or depends on a library that did not have the same functions in the old
OS. Maybe it is not a lot of work to get around this by making all the
attacker's files statically linked. So I sense that an automated script
attack against an old OS could in fact penetrate the OS but fail to do
anything else because the downloaded executables will not run. After
such a "failed" attack there would still be some cleanup to do (ls and
ps cause segmentation faults for example) but unless I were using
something like tripwire I might remain uncertain that I had done a
complete cleanup.

Jerry

-- 
Gerald W. Gordon, Ph.D.
Department of Cell and Developmental Biology
Taylor Hall, CB 7090
University of North Carolina
Chapel Hill, NC 27599

919/966-2941 (vox)
919/966-1856 (fax)
Gordon at med.unc.edu (email)
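
Added example, not part of the message above: a minimal Tripwire-style integrity check, showing how a stored baseline answers the "was the cleanup complete?" question raised in the reply. The function names and the constructed stand-in directory are assumptions for illustration; this is not Tripwire's own code or database format.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map relative path -> (sha256, permission bits) for regular files under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root)
            snap[rel] = (digest.hexdigest(), stat.S_IMODE(st.st_mode))
    return snap

def compare(baseline, current):
    """Return sorted lists of changed, missing and added paths."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return {"changed": changed, "missing": missing, "added": added}

def demo():
    """Constructed scenario: a stand-in bin directory before and after tampering."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ls", "ps", "cat"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"original " + name.encode())
        # Baseline taken while the system is known good; keep it off the host.
        baseline = snapshot(root)
        for name in ("ls", "ps"):  # overwritten with binaries that do not run
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"replacement that will not run")
        with open(os.path.join(root, ".hidden"), "wb") as fh:
            fh.write(b"dropped file")
        os.remove(os.path.join(root, "cat"))
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A cleanup is complete only when all three lists come back empty against a baseline that was stored where the intruder could not modify it.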