[Pipet Devel] new server up

Carlos Maltzahn carlosm at moet.cs.colorado.edu
Thu Mar 18 15:07:38 EST 1999


I don't know the details of these security flaws. But if you look at the
RH errata you see a lot of updates regarding users being able to get root
access. It might all be fixed by now -- or it might not. I know of
multiple groups here who switched to Debian because they had
problems with people being able to hack into their RH systems.

I'm not a firewall expert either. All I know is that breakins at the CU CS
department were very frequent until we introduced a firewall, ssh, and
one-time passwords.

Carlos 

On Thu, 18 Mar 1999, Rahul Jain wrote:

    On Thu, 18 Mar 1999, Carlos Maltzahn wrote:
    
    > Our passwords are going through the Internet in plain text. It's extremely
    > easy to snoop them and then login. Red Hat's user friendly admin tools
    > have the tendency to permit users to acquire root access among other
    > things. RH's distributions are so unsecure that our department
    > doesn't allow us to connect RH computers to the network inside the
    > firewall. The Debian distribution tends to be more secure. 
    
    I agree that Debian is generally more secure, but what's this about
    getting root with the admin tools? They're not suid root.
    
    -- 
    -> -\-=-=-=-=-=-=-=-=-=-/^\-=-=-=<*><*>=-=-=-/^\-=-=-=-=-=-=-=-=-=-/- <-
    -> -/-=-=-=-=-=-=-=-=-=/ {  Rahul -<>- Jain   } \=-=-=-=-=-=-=-=-=-\- <-
    -> -\- "I never could get the hang of Thursdays." - HHGTTG by DNA -/- <-
    -> -/- http://photino.sid.rice.edu/ -=- mailto:rahul-jain at usa.net -\- <-
    |--|--------|--------------|----|-------------|------|---------|-----|-|
       Version 11.423.999.210000101.23.50110101.042
       (c)1996-1999, All rights reserved. Disclaimer available upon request.
    
    



More information about the Pipet-Devel mailing list