Supporting CentOS

Supporting CentOS

Posted Apr 7, 2011 18:43 UTC (Thu) by herrold (guest, #54970)
Parent article: Supporting CentOS

From the article:
> there can be no contesting the fact that every CentOS 5 system out there is currently running with a significant set of known holes

Why does LWN propagate FUD like this? A well-managed general CentOS unit exposed to the internet (or even just to unknown hostile 'trusted insiders' in a private network segment) is not running without iptables and wrappers, and is not exposing all services on all possible ports. There is no remote vulnerability in the kernel, in iptables, in wrappers, nor in the sshd as regularly configured.

If the author of this statement (seemingly Jonathan Corbet) wishes to demonstrate such, please contact me, and I'll provide a unit at an IP for him to test until the cows come home. If he can compromise it, I'll readily update this comment acknowledging the same. I trust he'll retract the quote above if (and I anticipate, when) it proves false.

-- Russ herrold

Supporting CentOS

Posted Apr 7, 2011 19:15 UTC (Thu) by Trelane (subscriber, #56877)

> there can be no contesting the fact that every CentOS 5 system out there is currently running with a significant set of known holes

> A well-managed general CentOS unit exposed to the internet (or even just to unknown hostile 'trusted insiders' in a private network segment) is not running without iptables and wrappers, and is not exposing all services on all possible ports.

So what you're saying is that yes, there are holes, but they're covered with a piece of sheet metal.

You're not contesting the existence of holes; rather, you're claiming they're not exploitable holes due to other security measures in place.

Supporting CentOS

Posted Apr 7, 2011 20:32 UTC (Thu) by LightDot (guest, #73140)

How about CentOS servers providing shared hosting accounts? And those running virtual private servers, either KVM, OpenVZ or Xen?

Are you basically saying that servers with very, very limited and firewalled network services, with no untrusted local users, aren't vulnerable? That's nice but nearly not good enough.