Comments
It’s a real shame lzip was not adopted instead. The only compression format that handles corruption without losing the rest of the stream, i.e. the only compression format fit for purpose to use with tar.
I think that the same criticism might be applied to many other projects. Of course, with the microscope on it, this one steals the spotlight, but the old adage that "if the architects would have built the towns the way the programmers are building their code, any woodpecker would be able to destroy civilization" still applies.
Intentional malice, though, is the next 2 levels up.
Allowing only certain IPs in the firewall would block that but, yes, for as long as the attacker can connect to the SSH port, I believe the exploit would work.
Not a criticism, just a vague amendment to the "any" statement and also a reminder that one could always be very strict regarding firewalls without actually breaking functionality. If your server needs to allow only certain other servers to connect and you are the only one who has any business ssh-ing into it then allowing only those IPs and only those ports is a very good idea.
Well, duh. Of course if the service is totally inaccessible to an attacker over the network it's not practically exploitable. Doesn't change the fact that it's theoretically vulnerable (for example as a local root privilege escalation exploit).
As I said, not a criticism.
Many ppl read here, some of them newbies running a game server and whatnot, I try to be Captain Obvious for most people here but also give some info and ideas to newbies.
Yeah, I think my response came off more rude than I intended, sorry.
The advice you gave is good and cases like these show how this kind of firewall "paranoia" is just sound security practice that prevents headaches down the road!
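The IP allowlisting for SSH discussed in the thread above, sketched as an nftables ruleset. This is an added example, not something posted by any participant; the addresses are documentation-range placeholders and the assumption is that sshd listens on TCP port 22.

```nftables
#!/usr/sbin/nft -f
# Added example: default-drop inbound policy with an SSH source allowlist.
# All addresses below are placeholders (RFC 5737 / RFC 3849 documentation ranges).

# Replaces every existing rule on the host; drop this line if other
# tooling (for example a container runtime) manages its own tables.
flush ruleset

table inet filter {
    # Hosts and networks that have business connecting to sshd.
    set ssh_allowed_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 198.51.100.0/24 }
    }

    # The inet family covers IPv6 too, so a v4-only allowlist does not
    # leave port 22 open to the world over IPv6.
    set ssh_allowed_v6 {
        type ipv6_addr
        flags interval
        elements = { 2001:db8:1::/48 }
    }

    chain input {
        type filter hook input priority 0; policy drop;

        # Replies to connections this host opened, and loopback traffic.
        ct state established,related accept
        ct state invalid drop
        iifname "lo" accept

        # ICMP/ICMPv6 are needed for path MTU discovery and IPv6 neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # SSH only from the allowlisted sources.
        tcp dport 22 ip saddr @ssh_allowed_v4 accept
        tcp dport 22 ip6 saddr @ssh_allowed_v6 accept

        # Count and log everything else that reaches the SSH port, then drop it.
        tcp dport 22 counter log prefix "ssh-denied: " drop

        # Public services (a game server port, for instance) would get their
        # own accept rule here; everything else falls through to policy drop.
    }
}
```

Check the file with `nft -c -f <file>` before loading it, and keep an existing SSH session open until a new connection from an allowlisted address succeeds. As noted in the thread, this only removes network reachability: a vulnerable sshd behind the filter is still vulnerable and still needs patching.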