Re: How do I verify a patch is applied?
From: Chris Morris (c.i.morris_at_durham.ac.uk)
Date: 07/08/03
- Next message: Mike: "Re: How do I verify a patch is applied?"
- Previous message: yxuz: "jerks who forge your name and email to post on newsgroups,what can you do to them?"
- In reply to: Yong Huang: "How do I verify a patch is applied?"
- Next in thread: Mike: "Re: How do I verify a patch is applied?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 08 Jul 2003 09:00:06 +0100
yong321@yahoo.com (Yong Huang) writes:
> Managers keep forwarding security alerts to us even though our Apache
> is running inside the firewall (the same with Oracle listeners and
> other products). So we apply the patch. But without knowing how the
> security hole is exploited, we can only show managers the output of
> httpd -v to prove our work. Are we supposed to have somebody really
> check by trying to hack? Applying security patches becomes tedious
> without knowing the exploit. But obviously we won't know it unless we
> spend a lot of time on hackers' forums. What's common practice?
Don't forget that some security fixes are against potential problems
for which no real-world exploit is known.
Also don't forget that being inside the firewall only helps if a) the
firewall works and b) the integrity of every other machine inside it
is good.
-- Chris
- Next message: Mike: "Re: How do I verify a patch is applied?"
- Previous message: yxuz: "jerks who forge your name and email to post on newsgroups,what can you do to them?"
- In reply to: Yong Huang: "How do I verify a patch is applied?"
- Next in thread: Mike: "Re: How do I verify a patch is applied?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
