Software flaw threatens Linux servers

C|Net ^ | November 28, 2001, 1:50 p.m. PT | Robert Lemos

[Don Joe]

"Btw, XP blows cuz it doesn't have memmaker."

Huh?

WTF do you plan on doing with a 16 bit memory manager on a native 32 bit OS?

Or were you just trolling?

[Bitwhacker]

Ditto everything you said: Just say NO to wu.ftp; nobody sees my port 21; anonymous ftp is verboten.

Port 21 attacks are well-known, or so I thought...

[JRandomFreeper]

Port 21 attacks are well-known, or so I thought...

Not to the idiots that chase the latest fad. You know the type, they screw up the MBR on your dad's MS box, get their Novell certification so they can get fired for deleting files they thought didn't matter, then got their MSCS mail-order from Liberia, got laid off in the last downturn and now have System Admin on their business cards. The ones that think they know unix because they recently did a Caldera install, but don't know the difference between /etc/services and /etc/inetd.conf. Snerk!

/john

[TechJunkYard]

Define "distribution". Are you talking about retail ... or just some ISO that a bunch of dorks downloaded from the Web?

Since no one else has answered this.. a "distribution" is a particular entity's (RH, Mdk, Suse, Corel (well, nevermind them)) Linux "Package"... contains the kernel source and binaries, tools and daemons, X-windows stuff (usually Gnome and KDE), initialization scripts, and usually some configuration tools specifically written by the company for that distribution.

Roughly equivalent to a "Release" in your world.

[Justa]

It was sarcasm; kinda like running wuFTP in a current Linux distribution, i.e., it's not happening.

Btw, I run XP Pro along with my Linuxes and like it. I've got an MCP in 2000 but see Linux is the future. To me it looks like the mid-80s and what MS was doing with DOS vs. the proprietary IBM/DEC/Wang business systems and the personal boxes of Amiga, Commodore, Apple, Tandy, etc. Only now Linux is offering the winning formula of a cheaper, easy-to-license, easy-to-develop, cross-platform OS with broad hardware compatability. Imo whomever offers that can undercut any OS in time.

[JRandomFreeper]

I like Suns actually, having worked with them in the past

SunOS is pretty buggy, but Sun is ok with the patches. The small servers are power pigs too, compared to x86 solutions running linux. They have good hardware reliability, and die predictably. They have great, but pricy (if out of warranty), service for broke stuff. The Sun warranty system is better at keeping records than most admins. Read them the S/N, and they will tell you the day your PO hit, and whether warranty still covers it. Sun is ok, but the best I ever got out of a server was 565 days uptime. Course, we had to unplug the server to move it. GRIN!

/john

[max61]

Look, either open source works -- or it doesn't. If you guys can't fix these problems, maybe you should pay somebody to do it for you.

Look either you have a brain or you don't. You appear to be in the later category. When you can code, give me a call, I'll give you a $30k a year job to produce flawless code.

---max

[JRandomFreeper]

I'll give you a $30k a year job to produce flawless code.

I can produce code that compiles without error, first time, every time. Unless you make me take out the comment delimiter.

/john

[max61]

Hell yeah! This proves it once and for all, Linux is just as buggy and crashy and exploitable as Windows.

Yet another moron heard from. In the open source world, as soon as someone discovers a security flaw, it is announced. Unlike the Microshaft world where someone gets shafted, then 3 weeks later the security flaw is announced.

If you or anyone else can exploit my Linux server, I'll pay you $1000 American, but then again you probably can't find the "any" key.

Only in America do people think that they are an expert because they are entitled to an opinion.

---max

[max61]

I can produce code that compiles without error, first time, every time. Unless you make me take out the comment delimiter.

All coders start somewhere. Can you say "Data Division"?.

---max

[Bitwhacker]

Yep - the same guys that get the jobs setting up NT servers and leave the default, NETBEUI protol alive on the outbound NIC!!!! Wow, you know your MS newbies!!

[stainlessbanner]

I have a theory w/ MS products - they want to make the installation as easy as possible for users. Security is an afterthought.

[JRandomFreeper]

Can you say "Data Division"?.

Nope, I'm not that advanced. I can say "Accidental Fork Bomb" though.

Recursion makes me dizzy. I could never be a real programmer.

/john

[Don Joe]

"Yet another moron heard from. In the open source world, as soon as someone discovers a security flaw, it is announced."

Evidently you did not trouble yourself to read the article at the top of this thread before weighing in on it.

BTW, you seem to have inadvertently reversed the order of the two sentences quoted above. HTH, etc.

[Don Joe]

"Recursion makes me dizzy."

You don't enjoy writing tiny bits of code that do things an entire human brain can't do?

[JRandomFreeper]

Can't do? or, won't do?LOL! I understand recursion. Towers of Hanoi exersize, and all of that. I still maintain that the best solution to the Towers of Hanoi exersize is to kick the blasted thing over, and stack 'em however I want.

/john

[danneskjold]

Yet another moron heard from. In the open source world, as soon as someone discovers a security flaw, it is announced. Unlike the Microshaft world where someone gets shafted, then 3 weeks later the security flaw is announced.

That's not what the article says:

• "...Core Security Technologies alerted them to the problem Nov. 14."
• "...a situation worsened when Red Hat mistakenly released information on the flaw early, leaving other Linux companies scrambling to get a fix out."
• "The fix is not rocket science," Huger said. "But we weren't working at a breakneck pace to get a patch out, because everyone was working together."
• "...but other Linux software sellers had expected any advisories to be published Dec. 3, giving them time to work on fixes"

[Bush2000]

Look either you have a brain or you don't. You appear to be in the later category. When you can code, give me a call, I'll give you a $30k a year job to produce flawless code.

Where the f*k did that come from? The point in previous posts -- mental midget -- was that wuFTP is notoriously buggy; that, despite it being open source, it's a regular bug pump. I didn't make this up. Your fellow Linux trolls admitted it just as readily. So, if open source really works as the sycophants say it does, there wouldn't be the number of bugs as there are. But quite frankly, I'm a realist and, having actually studied software engineering unlike many of the Linux blowhards around here, I understand that there will always be bugs in software. Period. You can spend an infinite amount of time and money or you can accept a finite number of bugs. So, if you're trying to preach the religion of software engineering, you're preaching to the choir. And really ... you can't afford me. Not by a long shot.

[rdb3]

Fellow FR Geeks who are familiar with me know that I am a die-hard Redhat user. Also, they can tell you that I don't bash MS. I don't care for MS OSs, but nevertheless, to each his own.

This is funny. This is nothing more than competition between the various flavors of Linux. The WU-FTP issue was solved at our job months ago, and it is a very simple fix as well.

Any IS/IT teams at that run Linux servers who do not already know about this "problem" is asleep at the wheel, and isn't worth salt.