See also: last week's Security page.
News
A security problem in the Linux 2.2.X kernel series was reported on Bugtraq on Tuesday, June 1st. The vulnerability caused a system panic when a large number of specific ICMP packets were sent. Within the same day, Alan Cox responded. He had confirmed the problem, found the cause and issued a patch for people who wanted an immediate fix. A day later, Red Hat had new kernel packages available containing the fix.
It is interesting to note that Alan actually apologized for how long it took him to get a patch out. That's pretty amazing, considering that the turnaround for a fix took a fraction of the time an equivalent fix might have taken to come from a proprietary company. This type of responsiveness is what we've claimed the Linux community can and will provide. Many thanks to Alan, and to Red Hat, for proving us right.
SecurityPortal.com has an article this week on Better Network Security through Peer Pressure, which takes a look at active efforts to combat two common problems on the Internet: Smurf Amplifier Attacks and Third Party Mail Relay. They talk about sites that are dedicated to searching, reporting and publishing information about affected Internet sites and provide some tips for cleaning up your own systems.
Updates
The securelinux project that we mentioned last week is going like gang-busters. Rik van Riel sent a note indicating that his company's plans to build the distribution have solidified and they are looking for other people interested in helping with the project. Check out the secure Linux web page for more details. A new mailing list has also been announced.
In fact, traffic on the new mailing list is relatively heavy. Some good postings that have come up so far include a preliminary list of goals and a website where you can vote for a preferred name for the new project.
Attention has also been paid to the Khaos distribution, an existing distribution with similar goals. This note from Ernst Jan Plugge mentions concerns that the closed development model apparently being used with Khaos may not mesh well with the securelinux project. However, sharing resources to avoid duplication of effort was still considered important.
Resources
The Linux Administrators Security Guide has been officially announced. It is available for free for non-commercial use in PDF format. There is also an FAQ available, which answers questions like why the license is lightly restrictive ("Because I don't want modified versions running (i.e. I want to maintain some revision sanity) around that may be incorrect") and why it is only available in PDF format ("PDF is the only language that allows me to format it nicely, and have it readable under as many OS's as possible.").
Setting up Sendmail on a Firewall is the title of this article by Carole Fennelly, the third of her series of articles on sendmail.
Events
The Call-For-Papers for Computer Security 99 (DISC 99) has been issued. The event itself will be held October 4th through the 8th alongside Mexico's general computer congress, Computo.99@mx.
Section Editor: Liz Coolbaugh
June 3, 1999