On Sun, May 3, 2009 at 2:17 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
> Fedora 10 has to be my favorite distro this year. It's absolutely amazing
> just how easy Linux installation has become. Setting up KDE and Gnome is
> really simple to allow either. Eclipse runs immediately from package
> management install with all the plugins!
>
> Here's a great reference for setting up Fedora 10 Personal, with
> instructions for adding repos, installing codecs, and turning off unneeded
> services: http://www.mjmwired.net/resources/mjm-fedora-f10.html
>
> Once you get all your codecs set up, test it with free television:
> http://freetube.110mb.com/index.php?view=Ac3dmbW92aWVjaXR5
>
> And the patch process actually works! I won't give you my "coding at 300
> baud" ancient history stories, but this is the most powerful system,
> incredibly created via open source submissions!
> {I actually have had "discussions" with Linux admins who choose NEVER to
> patch anything, believe it or not (partly because patch management was
> rarely chosen over compiled sources, due to breakage and limitations)!}
>
> Discovery and reporting of security issues is swift; I can't imagine any way
> a "profit" based company with top-down hierarchical business plan management
> could possibly compete with the open source model.
You mean like IBM, who is responsible for the bulk of Fedora development?
-jmz
> Here are three security
> issues reported so far:
>
> Fedora Directory Server before 10 allows remote attackers to obtain
> sensitive information, such as the password from adm.conf via an IFRAME
> element, probably involving an Apache httpd.conf configuration that orders
> "allow" directives before "deny" directives.
> http://www.securityspace.com/smysecure/catid.html?id=CVE-2005-3630&ctype=cve
>
> tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5,
> Fedora 9, and Fedora 10 does not log failed authentication attempts to the
> OpenPegasus CIM server, which makes it easier for remote attackers to avoid
> detection of password guessing attacks.
> http://www.securityspace.com/smysecure/catid.html?id=CVE-2008-4315&ctype=cve
>
> ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the
> apache user account, and sets the permissions to 0600, which makes it easier
> for remote attackers to modify this file by accessing it through a (1) PHP
> or (2) CGI script.
> http://www.securityspace.com/smysecure/catid.html?id=CVE-2008-6755&ctype=cve
>
> Anyone got any good suggestions for Fedora 10?
>
> www.obnosis.com (503)754-4452
> "Contradictions do not exist." A. Rand
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
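
The ZoneMinder item quoted above turns on a config file being owned by the web server account: the 0600 mode does not help, because the owner can always rewrite the file. The script below is an added example, not part of the original thread; the function name writable_by is hypothetical and it assumes GNU coreutils stat, as shipped on Fedora.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils stat.
# writable_by FILE USER
#   returns 0 and prints the reason if USER can modify FILE through ownership
#   or permission bits, 1 if not, 2 if FILE is missing.
writable_by() {
    file=$1 user=$2
    [ -e "$file" ] || { echo "missing: $file"; return 2; }

    # %U owner name, %G group name, %a octal mode (e.g. 600)
    set -- $(stat -c '%U %G %a' "$file")
    owner=$1 group=$2 mode=$(printf '%04d' "$3")

    perms=${mode#?}              # drop the setuid/setgid/sticky digit
    g=${perms#?}; g=${g%?}       # group digit
    o=${perms#??}                # other digit

    # The owner can chmod the file back to writable at any time, so a 0600
    # mode does not protect a file that the service account itself owns.
    if [ "$owner" = "$user" ]; then
        echo "$file: owned by $user (mode $mode)"; return 0
    fi

    # Linux applies the group class, not "other", to members of the group.
    members=$(id -Gn "$user" 2>/dev/null) || members=""
    case " $members " in
        *" $group "*) class=group digit=$g ;;
        *)            class=other digit=$o ;;
    esac
    case $digit in
        2|3|6|7) echo "$file: $class-writable for $user (mode $mode)"; return 0 ;;
    esac
    return 1
}

# Usage: sh check.sh /etc/zm.conf apache
if [ $# -ge 1 ]; then writable_by "$1" "${2:-apache}"; fi
```

A file that passes is one owned by root (or another non-service account) with no write bit in the class that applies to the service user.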