[nzlug] Redhat 7.1 - why do people still use this??
Craig Box
craig at dubculture.co.nz
Fri Nov 30 06:21:37 NZDT 2007
On Nov 29, 2007 12:13 PM, Steve Holdoway <steve at greengecko.co.nz> wrote:
> Just to take a hypothetical case... you have a web server - only ports 80
> and 443 are available to the internet. You build said webserver up from
> source, and it is patched to the hilt.
>
> Why would you need to install a security patch, ever?
>
Because a 0-day "get apache-user access" exploit becomes a "get root access"
exploit on a server that has any local privilege escalation bugs. Is that a
risk you're willing to take?
Craig
More information about the NZLUG
mailing list