Re: [Full-Disclosure] RE: Linux (in)security

From: Paul Schmehl (pauls_at_utdallas.edu)
Date: 10/23/03

Next message: Shawn McMahon: "Re: [Full-Disclosure] Re: Gaim festival plugin exploit"

Previous message: Ron DuFresne: "RE: [inbox] Re: [Full-Disclosure] RE: Linux (in)security"
In reply to: Ron DuFresne: "Re: [Full-Disclosure] RE: Linux (in)security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Thu, 23 Oct 2003 16:04:17 -0500

--On Thursday, October 23, 2003 02:34:35 PM -0500 Ron DuFresne
<dufresne@winternet.com> wrote:
>
> There's a vast difference in having to backout patches in complex
> production env;s and having a poor patch affect all or most every end
> desktop/home users system too though.
>
And I don't recall the last time that we had to back out a patch in an over
3500 Windows machines environment. In fact, in the last seven years, I can
only recall two incidents where a patch had to be backed out, and both of
those were servers with special applications on them.

I'm not saying that it doesn't happen. It's just not as ubiquitous as some
seem to think it is. There isn't a vast difference between patching
Windows and patching *nix. At least not in my experience, which includes
every version of Windows, RedHat 7-9, Solaris 7-9, OpenBSD 2.6-3.2, FreeBSD
4.7-5.1, Mac 0S 6-X and Gentoo. (I've installed others but don't have much
patching experience on them because I usually dumped them quickly because I
didn't like them.)

Every OS has its problems, and every OS has to be patched. And patching is
a PITA no matter what OS it is. Some are just more of a PITA than others.

The myth of the vast superiority of *nix over everything else (WRT security
and patching) is just that - a myth.

But this conversation has been going on for over 20 years and nothing has
ever been settled. Nor will it be.

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: Shawn McMahon: "Re: [Full-Disclosure] Re: Gaim festival plugin exploit"

Previous message: Ron DuFresne: "RE: [inbox] Re: [Full-Disclosure] RE: Linux (in)security"
In reply to: Ron DuFresne: "Re: [Full-Disclosure] RE: Linux (in)security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Russ Coopers AusCERT Presentation on MS Security Bulletins
... but this gal in SBSland thinks that non-patching is NOT the ... I'll take a Security hotfix anyday, thank you, ... feel that I get 100% in my lan of patching. ... there on XP sp2 RC, firewall in place AND the Sasser patch in place, I ...
(NT-Bugtraq)
Re: Patch Management on Critical Servers (Healthcare)
... *nix servers patch management is handled at two levels. ... meeting and approved, especially patching. ... change meetings for the hospitals and dates set. ...
(Focus-Microsoft)
Re: [PATCH] [5/12] x86_64: Make patching more robust, fix paravirt issue
... The broken commit is Rusty's patch which, ... AFAICT patching is writing garbage into the insn stream. ... I suspect it's copying an uninitialized temp buffer. ... Can you send me the revert patch that is verified to work? ...
(Linux-Kernel)
Re: OT: Found this useful over the years.. Crossplatform. Keep your fingers in more than 1 pie
... The Linux kernel had several vulnerabilties even this week....and the ... SuSe folks are working on a patch. ... Patching is a way of life..... ...
(microsoft.public.windows.server.sbs)
Re: change page protection, how to
... I have a very small stub of code ... not possible to circumwent it from user mode. ... patch an application. ... For patching dlls, ...
(comp.lang.asm.x86)