Full Disclosure mailing list archives
RE: [inbox] Re: RE: Linux (in)security
From: Ron DuFresne <dufresne () winternet com>
Date: Thu, 23 Oct 2003 16:04:44 -0500 (CDT)
[SNIP]
First, people can actually audit it for security (you think IBM recommended Linux without going over every single line of code?)Yes.
To support this, take red-hat on the s390 platform; red-hat pushes out the product, which IBM is the back channel support for. I ask in the very first meeting with the red-hat sales-lizard; Umm, there was a vuln released today that affects the kernel, I see red-hat addressed this on the i386 and ia64 as well as the ppc platforms, has it been addressed on the s390, or can you just plain tell me we are not vuln? To which the red-had-lizard was clueless to the whole concept. And it took 4-5 months for IBM to get from red-hat their 'updates' page for s390 rmp's all of which were older then known issues/exploits. Turns out IBM claims to have been unaware that even though red-hat is chanrging for the platform enterprise release, They have not devoted any backend resources to keeping it current. Tells me that also, IBM could not have conducted an audit on what is mont maintained, let alone what was released. And points to the fact that even though it's possible to play linux on the IBM platforms, it's not really ready for prime time. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: RE: Linux (in)security, (continued)
- Re: RE: Linux (in)security Jeremiah Cornelius (Oct 22)
- Re: RE: Linux (in)security Mr. Rufus Faloofus (Oct 22)
- Re: RE: Linux (in)security Peter Busser (Oct 22)
- Re: RE: Linux (in)security Cael Abal (Oct 22)
- Re: RE: Linux (in)security Peter Busser (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Curt Purdy (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Michal Zalewski (Oct 22)
- RE: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Curt Purdy (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Michal Zalewski (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security William Warren (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security Ron DuFresne (Oct 24)
- Re: [inbox] Re: RE: Linux (in)security Jeremiah Cornelius (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Paul Schmehl (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Andy Wood (Oct 23)
- RE: [inbox] Re: RE: Linux (in)security Paul Schmehl (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security Dan Wilder (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security Paul Schmehl (Oct 23)
- Re: [inbox] Re: RE: Linux (in)security Peter Busser (Oct 24)
- Re: [inbox] Re: RE: Linux (in)security Shawn McMahon (Oct 24)