On Tue, Jan 17, 2012 at 9:04 AM, Bennett Haselton <bennett at peacefire.org> wrote: > > But there seems to be some consensus, at least, that exploits do get > found which allow apache to run arbitrary code (even under its > unprivileged account), Web servers are particularly prone to this because webapps are typically designed to map user input to some action in a fairly flexible way (i.e.by mapping the URL to a program and its inputs) and people can easily manipulate the URLs they send. That leaves a lot of levels where buffer overflows or mis-parsing can let unintended code execute. > and exploits do get found that elevate an > unprivileged user to root privileges. And it is best to assume that there are more that haven't been found... > So you could offer, for example, > a bounty for anyone who finds a way to elevate the privilege of an > unprivileged account. That's a lot less powerful than a complete > exploit that can be used against any server on the Internet, but it's > the kind of thing an attacker might use as part of a larger exploit. So > would you feel safer using CentOS/Red Hat if Red Hat, for example, > offered a prize to anyone who could find a privilege-escalation exploit > like that? Knowing that it would reduce the chance of a black hat > finding the exploit and using it as part of an attack? You'll never know when the last bug is found. And if you don't know that, what have you gained by painting a target on your head? -- Les Mikesell lesmikesell at gmail.com