> I'm not close to talking about letting a box sit around unpatched for months
> like too many do.
I would do that.
Here was a box, which was set up 2 years ago, with the non-exec-stack patch
and all suids removed. RH4.2 I think. It took me about 2 weeks to set it
up and test (basically, it took that time to make RedHat secure).
And it was running about 1.5 years (till we wanted to upgrade it for other
reasons) the way that all bugtraq root exploits
were going by. Half of it thanks to RH suid bits sent to hell, the other
half thanks to that patch.
It was a login, X, http, nfs, imap, ssh, lpd server.
I just can't estimate the work hours that patch has been saving for us (2
weeks?) on 5 servers.
elmer.