Bitten by old bugs
Posted Aug 14, 2003 16:13 UTC (Thu) by ncm (subscriber, #165)
In reply to: Bitten by old bugs by proski
Parent article: Bitten by old bugs

Libraries used by programs that do keep open ports are rarely
treated with the same care as those programs, even though they
contribute equally to vulnerability. Also, programs running at
reduced privilege are not treated as seriously even though
vulnerabilities there lead to local shell access and to the much
richer exploit opportunities available that way.

The FSF ftp server compromise occurred not because a new hole
opened up, but because somebody found a hole that was there
and used it. Probably there are dozens more, and it might
have happened dozens of times before, but not so many people
are interested yet. As it is, the best that can be done is to
reduce the number of people who have logins.