F17 Beta DVD install options

Kevin Fenzi kevin at scrye.com
Thu Apr 19 14:45:22 UTC 2012


On Wed, 18 Apr 2012 21:19:18 -0500
John Morris <jmorris at beau.org> wrote:

> Which brings up a good point.  I know that the only way to be sure is
> booting the machine from a known good[1] rescue media and then check
> with a copy of RPM running from there using the --root option to point
> at the suspect filesystem to ensure the system's rpm binary isn't
> trojaned or the kernel patched to show the original executables to
> rpm. And even then a REAL enemy would exploit a zero day buffer
> overflow in rpm via the infected rpm database.
> 
> On the other hand, has there ever been a real case found in the wild
> of an infestation that was so good at covering its tracks?  The
> security problems I saw in the past were the crudest script kiddies
> and I haven't even seen one of those attacks succeed since the 20th
> Century even on erratically updated machines.  There aren't a lot of
> exploits against Linux to begin with, how many are going for deep
> penetration that aren't targeted hits by intelligence agencies?  If
> the NSA wants to look at your or my machine they will and we will
> almost certainly never have a clue they were there.
> 
> In short, just how theoretical an attack am I expending effort to
> repel?

In my experience, not at all theoretical. 

Anything that is a known remote exploit in any commonly distributed
free software likely has bots scanning for the vulnerable versions and
exploiting them. 

I've seen a number of machines over the years that were compromised,
then rootkitted and then left to their own devices. Often they have
so many compromised machines that they don't get time to go and use
any of them for anything. Sometimes they install control software like
an irc bot and otherwise leave the machine alone until they need it.
Some are done in a clumsy manner, others are done in a way that rpm or
the like don't show the compromise and the only way you can tell is
from other data. 

So, feel free to run an EOL distro or not apply security updates, but I
suspect this will bite you sooner rather than later. I don't mind if
people choose to do this, but I do think we should make sure and let
those reading know that this is particularly bad advice to follow for
the majority of folks. 

All, IMHO. I've only been a full time Linux sysadmin since 1998.

kevin
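The offline check John describes (boot known-good rescue media, point the rescue system's rpm at the suspect filesystem with --root) produces a lot of output that is easy to misread, and Kevin's point is that some compromises are done so that rpm shows nothing anyway. The script below is an added example, not part of the original mail and not Fedora project tooling. It triages `rpm -V` output into findings worth chasing (size, digest, mode, owner, group or symlink changes on non-config files; missing files) versus expected noise (config and doc files, mtime-only changes), and it adds the cross-check that answers the "infected rpm database" worry: verifying the installed files against a freshly downloaded, signature-checked package with `rpm -Vp`, which uses that package's own header rather than the suspect host's db. The mount point `/mnt/sysimage`, the environment variable `SUSPECT_ROOT`, the function names and the sample `rpm -Va` lines are all assumptions constructed for the example; `rpm -K` is assumed to find the distribution signing key already imported into the rescue system's rpm keyring.

```shell
#!/bin/sh
# Added example (not from the original mail): triage `rpm -V` output from a
# rescue boot. Assumes the suspect filesystem is mounted read-only at
# $SUSPECT_ROOT (hypothetical default /mnt/sysimage) and that rpm is the
# one on the rescue media, never the suspect system's own binary.
SUSPECT_ROOT=${SUSPECT_ROOT:-/mnt/sysimage}

# classify_verify_line LINE
# Prints "SUSPECT <path>", "MISSING <path>" or "NOISE <path>".
# rpm -V lines look like "<9 attribute chars>  [c|d|g|l|r] <path>" or
# "missing   [type] <path>". Config (c) and doc (d) files are expected to
# differ, and a mtime-only change (T) is harmless, so both are NOISE.
# Size (S), digest (5), mode (M), owner (U), group (G) or symlink (L)
# differences on anything else are SUSPECT.
classify_verify_line() {
    read -r flags f2 f3 <<EOF
$1
EOF
    if [ -n "$f3" ]; then ftype=$f2; path=$f3; else ftype=""; path=$f2; fi
    [ -n "$path" ] || return 0
    case $flags in
        missing) echo "MISSING $path"; return 0 ;;
    esac
    case $ftype in
        c|d) echo "NOISE $path"; return 0 ;;
    esac
    case $flags in
        *S*|*5*|*M*|*U*|*G*|*L*) echo "SUSPECT $path" ;;
        *) echo "NOISE $path" ;;
    esac
}

# triage_verify_output: reads `rpm -V` lines on stdin, prints one finding
# per line followed by a summary "suspect=N missing=N noise=N".
triage_verify_output() {
    s=0; m=0; n=0
    while IFS= read -r line; do
        out=$(classify_verify_line "$line")
        case $out in
            SUSPECT*) s=$((s + 1)) ;;
            MISSING*) m=$((m + 1)) ;;
            NOISE*)   n=$((n + 1)) ;;
            *) continue ;;
        esac
        echo "$out"
    done
    echo "suspect=$s missing=$m noise=$n"
}

# verify_suspect_root: the rescue media's rpm against the suspect root's
# rpm database. Findings here are only as trustworthy as that database.
verify_suspect_root() {
    rpm --root "$SUSPECT_ROOT" -Va 2>/dev/null | triage_verify_output
}

# verify_against_pristine PKG.rpm: sidestep a tampered database by
# verifying the installed files against a package downloaded on the
# rescue system. rpm -K checks its signature (assumes the signing key is
# in the rescue system's keyring); rpm -Vp verifies the files on the
# suspect root against that package file's header, not the suspect db.
verify_against_pristine() {
    rpm -K "$1" >/dev/null 2>&1 || { echo "signature check failed: $1" >&2; return 1; }
    rpm --root "$SUSPECT_ROOT" -Vp "$1" 2>/dev/null | triage_verify_output
}

# Constructed sample of `rpm -Va` output (not captured from a real host).
SAMPLE='S.5....T.  c /etc/ssh/sshd_config
.......T.  d /usr/share/man/man8/sshd.8.gz
S.5....T.    /usr/sbin/sshd
.M.......    /usr/bin/ssh
missing     /usr/bin/ssh-keygen'

# sample_summary: runs the triage over the constructed sample and returns
# only the summary line.
sample_summary() {
    printf '%s\n' "$SAMPLE" | triage_verify_output | tail -n 1
}

[ "${1:-}" = "--demo" ] && printf '%s\n' "$SAMPLE" | triage_verify_output
```

Run `verify_suspect_root` first for the cheap pass, then `verify_against_pristine` on the packages that own any SUSPECT or MISSING path (and on the rpm, glibc and kernel packages regardless, since those are what a careful intruder replaces). A clean result from both is still not proof: a kit that lives outside any package (a cron entry, a dropped file in /tmp or /dev/shm, an extra user) never shows up in rpm -V at all, which is the "other data" Kevin refers to.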