[CentOS] Correct xen domains path
lists at spuddy.org
Mon Jun 18 17:24:01 UTC 2007
On Mon, Jun 18, 2007 at 07:17:54PM +0200, Daniel de Kok wrote:
> On Mon, 2007-06-18 at 12:56 -0400, Stephen Harris wrote:
> > The security rule of thumb here is that such machine _will_ be attacked,
> > and so "security in depth" is the process to apply.
> There are far more attack vectors than just through network facing
> daemons. To name just one example, web browsers. Unfortunately, Firefox
> is not yet protected by the targeted policy. Hopefully that will happen
> one day.
Web browsers typically don't run as root and don't run on servers, but
work stations. They also require users to access "infected" sites.
Daemons on internet facing systems generally provide access to application
data (eg a web application) or system resources (eg ssh) with higher
priveleges and are candidates for automated zombie attacks and, therefore,
have a much bigger risk profile.
More information about the CentOS