From: David Ford <david@linux.com>
To: Christer Weinigel <wingel@hog.ctrl-c.liu.se>
Cc: linux-kernel@vger.kernel.org
Subject: Re: BTTV detection broken in 2.4.0-test11-pre5
Date: Sun, 19 Nov 2000 08:21:39 -0800
Message-ID: <3A17FE13.9DE68202@linux.com>
In-Reply-To: <20001119150837.8EF2737237@hog.ctrl-c.liu.se>


Christer Weinigel wrote:

> >Kernel on writeprotected floppy disk...
>
> So change the CMOS-settings so that the BIOS changes the boot order
> from A, C, CD-ROM to C first instead.  *grin*  How long do you want
> to keep playing Tic-Tac-Toe?
>
> Of course, using capabilities and totally disabling access to the raw
> disk devices and to any I/O ports might be the solution, provided that
> there are no bugs or thinkos in the capabilities code.

How much time do you want to spend hardening your system?  A few simple steps can
make things very hard for a remote attacker.

Everyone wants to decry every tiny little step saying there are a dozen ways to
get around it.  But take 12 simple steps to take care of those dozen ways, and
you've upped the bar sufficiently.  It will take a much more skilled person to
get past your defenses.

Most exploits depend on a common system layout.  I.e. a redhat script issue.
Immediately you have hundreds of thousands of systems around the world which are
probably vulnerable.  If however you've only installed 10 megs worth of total
system programs and kernel etc that you've carefully decided are necessary, you
probably don't have those scripts.  With this attention to detail, you probably
shut off all those extraneous services like rpc.statd.  Chances are you have a
chrooted BIND and on top of that you're running 9.0.1rc2.  With all that covered
I'd hazard a guess that your nicely tidied up iptables are preventing access to
anything you're not paying attention to.

Every item you add to this hardening checklist makes your system much less of a
target.  First it has less of a signature on a perp's someisp.addresses.com
sweep, and second, once it's found there are less and less available options for
intrusion.

So instead of doing nothing because someone can always infiltrate your system, do
a few somethings so it raises the bar against whoever tries.

Those dozen doors are great for a shopping mall, but bad for a classified room.

-d
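One way to turn the "only run what you have decided is necessary" argument above into a repeatable check is to compare the sockets a host is listening on against a short allowlist of services you intend to expose. The script below is an added example and is not part of the original thread; the listener lines and the allowlist are constructed sample values, and the `ss` command in the comment is the suggested way to feed it real data.

```shell
#!/bin/sh
# Added example (not from the original mailing-list thread): audit listening
# sockets against an allowlist of services you have deliberately decided to
# keep. Anything outside the allowlist is a service to justify or shut off.

# Constructed sample input in "proto local-address" form, one socket per
# line; on a live host feed `ss -Hltun | awk '{print $1, $5}'` instead.
# tcp/111 and udp/32768 stand in for a portmapper and an RPC service such
# as rpc.statd that a minimal system would not run (constructed values).
SAMPLE_LISTENERS='tcp 0.0.0.0:22
tcp 0.0.0.0:53
udp 0.0.0.0:53
tcp 0.0.0.0:111
udp 0.0.0.0:32768'

# Allowlist of proto/port pairs you intentionally expose: ssh and DNS here.
ALLOWED='tcp/22 tcp/53 udp/53'

# Print every listener not in ALLOWED, one proto/port per line.
unexpected_listeners() {
    printf '%s\n' "$1" | while read -r proto addr; do
        [ -z "$proto" ] && continue
        port=${addr##*:}          # strip the address, keep the port
        key="$proto/$port"
        case " $ALLOWED " in
            *" $key "*) ;;        # expected service, stay quiet
            *) echo "$key" ;;     # not on the list: report it
        esac
    done
}

# Return 0 when every listener is allowlisted, 1 otherwise.
audit_listeners() {
    if unexpected_listeners "$1" | grep -q .; then
        return 1
    fi
    return 0
}

# Stand-alone run: list anything outside the allowlist and summarise.
unexpected_listeners "$SAMPLE_LISTENERS"
if audit_listeners "$SAMPLE_LISTENERS"; then
    echo "clean: only allowlisted services are listening"
else
    echo "unexpected listeners found, review the list above"
fi
```

Run it from cron or a config-management check and alert on a non-zero `audit_listeners` result; the allowlist then documents exactly which services the box is supposed to offer, which is the same inventory a tidy iptables ruleset should be built from.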

