Skip to comments.
Software flaw threatens Linux servers
C|Net ^
| November 28, 2001, 1:50 p.m. PT
| Robert Lemos
Posted on 11/28/2001 1:28:10 PM PST by Don Joe
click here to read article
Navigation: use the links below to view more comments.
first previous 1-20 ... 121-140, 141-160, 161-180 ... 341-354 next last
To: Bush2000
If IIS bugs are "Windows bugs", then this is certainly a "Linux bug". IIS bugs are 'Microsoft' bugs -- because MS *makes* IIS. IIS bugs are not 'Windows' bugs.
And this is not a Linux bug. Man, you really have to be kidding, right? You at least know that much, don't you?
Ask yourself -- with this bug, can you attack the OS itself? The answer is *no*. This is not an OS vulnerability.
I'm beginning to wonder about ya'll. Are you seriously trying to claim this as a Linux bug?
To: Dominic Harr
For example -- this security flaw wouldn't allow someone to affect the OS. That's what 'Linux and Unix are secure' means. Not that there has never been buggy software *for* it. Let's see... having root access to a Linux box isn't affecting the OS?
Guess I don't need to worry about hackers geting the passsord for my NT administrator account now. Thanks for making me sleep better at night.
To: oc-flyfish
How does this grab you? Hook up with a cable modem, then run a network scan with PC Anywhere. Any guesses as to how many people will have PC Anywhere running without even a password?
To: Dominic Harr
The 'security' issue is about the OS itself.
Here's where you're on weak ground, Dominic. The reason that we're annoyed with Linux trolls is not because there's a bug in their FTP server. Hell, I expect bugs in ALL software (especially yours). The problem is their bogus insistence that "it can't happen because open source is a superior model to commercial models". And spare us the nonsense about not being able to compromise the OS. Buffer-overrun attacks can wipe out Linux just as easily as Windows.
To: stylin_geek
That's an example of bad default installation, if PC Anywhere will actually let you load it, and start it up without a password protect.
To: oc-flyfish
I can't tell you how many times I have heard that these types of things NEVER happen in open source (ala Linux, FreeBSD, Solaris). I think you're making that up.
One of the big 'plusses' of open-source is that bugs get fixed more quickly.
No one would *ever* say that open-source never makes buggy software. I don't believe anyone said that. We tout how *fast* we fix bugs. If there were no bugs to begin with, we couldn't be so good at fixing them. And the real story here is how so many companies worked on fixes so quickly.
I'm guessing you just misunderstood . . .
To: Dominic Harr
"You sound *so* uninformed right now." Damn, Batchmo, it's like clockwork. Every time you spot your undies, you start squealing like a Valley Girl.
Can you like *drop* the Valleyspeak filter? It's like *so* 1985. Like *gag* me, ewwww!
147
posted on
11/28/2001 3:29:13 PM PST
by
Don Joe
To: stylin_geek
Oh believe me I know. I did a port scan once and started snickering. I then tried to connect via UNC (\\10.10.10.10) and connected right to some dude's C drive.
To: Bush2000
Who says bugs can't happen? That's different that saying open-source or commercial software is better. Actually, like different computers, the different models are good at different things.
To: oc-flyfish
Let's see... having root access to a Linux box isn't affecting the OS? How would this give root access to the FTP user?
This bug doesn't give root access, that I'm aware of. Am I mistaken? Where does it say *that*?
To: Dominic Harr
Yeah, it does. WU-FTP runs as root.
To: Bush2000
The problem is their bogus insistence that "it can't happen because open source is a superior model to commercial models". Nice backtracking, but nope -- ya'll are claiming this is a Linux bug.
Besides, one of the biggest claims of 'open source' is we fix bugs *quickly*. So we obviously never claimed to have no bugs. You just put your foot in it, and I now wonder about your actual technical ability. You *can't* have really meant the things you've been saying, can you?
To: Dominic Harr
I think you're making that up. Nope, in fact I have heard it so much that it makes me want to vomit.
One of the big 'plusses' of open-source is that bugs get fixed more quickly.
Didn't happen here. I tend to disagree with this. I think MS has just as much incentive to fix a bug as does the open source community. No one looks good with "open doors" to the OS be it Linux or Windows.
To: Bush2000
"What's the matter, people? Cat got your FTP server?"
Lol, see #131.
154
posted on
11/28/2001 3:35:43 PM PST
by
Justa
To: Dominic Harr
Batchmo Logic is like that joke about the two guys lost in the woods. Finally, the one with the map looks up, and exclaims that he knows where they are. The other guy asks where are we, and the map guy points to his map, then points to the horizon, and says, "See that mountain? We're right on top of it!"
All your cloying little pocket-strokes notwithstanding, the fact remains that countless Linux admins are having flakey $#!+$ tonight because their systems were compromised by an open-source OS component.
Call me skeptical, but somehow, I doubt that your gloating -- in the face of their agony -- would be received with welcome arms tonight.
But hey, WTF do I know? Maybe you really should hop on the ol' bandwagon and remind them all that their systems are impregnable, and there's nothing to worry about.
After you calm them down, you'll have their attention, so you can let them know how Java crapplications never crash, and run like greased bats with JATO pods fleeing from Hell Heights with a strong tailwind.
155
posted on
11/28/2001 3:35:47 PM PST
by
Don Joe
To: Dominic Harr
This bug doesn't give root access, that I'm aware of. Am I mistaken? Where does it say *that*?Unless my lunch is making me loopy, I read it here on this tread. The daemon runs as root and allows the person to take control of the system after overflowing the buffer.
To: Liberal Classic
Yeah, it does. WU-FTP runs as root. Where did you get that? I've never used that FTP software, but that makes *no* sense. Are you sure? I can't believe *anyone* would give any software 'root' access, especially any networking-type software like an FTP server.
If someone made the FTP client run as root on *purpose*, then absolutely that is a problem. But again, that isn't a 'Linux' problem now, is it? Not related to the OS or people making Linux, is it?
To: Liberal Classic
Who says bugs can't happen? That's different that saying open-source or commercial software is better. Actually, like different computers, the different models are good at different things.
Are you really going to sit here and tell me that the trolls at Slashdot, etc don't say that Linux has rock-solid reliability (ie. few to no bugs)?
To: Don Joe
After you calm them down, you'll have their attention, so you can let them know how Java crapplications never crash, and run like greased bats with JATO pods fleeing from Hell Heights with a strong tailwind. LOL. Now why did you have to bring that up? :-)
To: Liberal Classic
Will you cut back you trolling? You shrill posts are starting to sting my eyes.
Heh heh. It's all in good fun.
Navigation: use the links below to view more comments.
first previous 1-20 ... 121-140, 141-160, 161-180 ... 341-354 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson