[ale] Web server OS

Jeff Hubbs hbbs at comcast.net
Wed Dec 24 10:56:53 EST 2008


I don't see it that way.  Have a look at this excerpt from a recent 
Gentoo advisory involving PowerDNS:

    Impact
    ======

    A remote attacker could send specially crafted queries to cause a
    Denial of Service. The second vulnerability in itself does not pose a
    security risk to PowerDNS Nameserver. However, not answering a query
    for an invalid DNS record within a valid domain allows for a larger
    spoofing window on third-party nameservers for domains being hosted by
    PowerDNS Nameserver itself.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    All PowerDNS users should upgrade to the latest version:

         # emerge --sync
         # emerge --ask --oneshot --verbose ">=net-dns/pdns-2.9.21.2"

I don't think this is all that much different from what other distros' 
users face as a part of routine administration.  If UbuHatCentDora have 
a Big Red Button for "Apply All Security Upgrades To Everything Now," 
Gentoo does not really have that per se - but there is a Bigger Red 
Button that says "Make Everything Current Now" (emerge -uD world).  Just 
make sure you check your circuit breakers before you hit it because 
you're about to have a very busy box. :)


Pat Regan wrote:
> Jeff Hubbs wrote:
>   
>> In Gentoo-land, each package is pretty much managed as an independent 
>> unit and as such there aren't generally times where you're "forced" to 
>> upgrade because updates to a distro version stop.  No distro version, no 
>> version-keyed updates.
>>     
>
>
> Yes, that is exactly the "feature" that is a huge flaw for me :).
>
> I can see a lot of situations where it would be a feature.  I just see
> it as creating more work when you want to maintain a stable environment
> without security problems.
>
> Pat




