WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] patch for vanilla kernel

from [Stephan Seitz] [Permanent Link][Original]
To: Tom Brown <xensource.com@xxxxxxxxxxxxxxxxxxx>
Subject: Re: [Xen-users] patch for vanilla kernel
From: Stephan Seitz <s.seitz@xxxxxxxxxxxx>
Date: Wed, 27 Feb 2008 15:04:50 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Wed, 27 Feb 2008 06:05:28 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
In-reply-to: <Pine.LNX.4.64.0802261502010.25440@localhost>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Organization: netz-haut e.K.
References: <47C44EEA.60908@xxxxxxxxx> <Pine.LNX.4.64.0802261133490.25440@localhost> <Pine.LNX.4.64.0802261152040.25440@localhost> <200802261853.55676.douglas@xxxxxxxxxxxxx> <Pine.LNX.4.64.0802261502010.25440@localhost>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.6 (X11/20071022) 


then you need to be using kernels that aren't 18 months out of date.

Humm... SQL Injections don't has any issue with kernels and the PHP fails
normally runs with low level privileges on system, it could... but it's not 
likely to hit the kernel without huge efforts.
wtf? There are thousands of crappy php scripts out there that can be tricked into running arbitrary code ... add any one of the priviledge escalation vulnerabilities and the attacker can escalate "arbitrary code" into "root access". 

Indeed, we all have to keep our systems secure, but this doesn't necessarily
means that we need to keep the latest bleeding-edge kernel version running.

I agree with you, that it IS possible to escalate privileges even with dumb
php scripts, but I disagree that newer kernel versions are tha best way to
fix those issues.

btw. I also found xensource's 2.6.18.8-xen *much* more stable than any xenified
kernel on 32bit as well as on 64bit.

for newer drivers a backport is always possible.

Stephan

Attachment: s_seitz.vcf
Description: Vcard

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] domU on v3.2 is not booting, Masroor Vettuparambil
Next by Date:  Re: [Xen-users] xen tools for checking performance, Casper
Previous by Thread:  Re: [Xen-users] patch for vanilla kernel, Valter Douglas Lisbôa Jr.
Next by Thread:  Re: [Xen-users] patch for vanilla kernel, Pasi Kärkkäinen
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy