How do I verify a patch is applied?

From: Yong Huang (yong321_at_yahoo.com)
Date: 07/07/03

  • Next message: yxuz: "jerks who forge your name and email to post on newsgroups,what can you do to them?"
    Date: 7 Jul 2003 13:55:14 -0700
    
    

    Managers keep forwarding security alerts to us even though our Apache
    is running inside the firewall (the same with Oracle listeners and
    other products). So we apply the patch. But without knowing how the
    security hole is exploited, we can only show managers the output of
    httpd -v to prove our work. Are we supposed to have somebody really
    check by trying to hack? Applying security patches becomes tedious
    without knowing the exploit. But obviously we won't know it unless we
    spend a lot of time on hackers' forums. What's common practice?

    Yong Huang


  • Next message: yxuz: "jerks who forge your name and email to post on newsgroups,what can you do to them?"

    Relevant Pages