back to article I ain't afraid of no GHOST – securo-bods

The latest high-profile security vulnerability affecting Linux systems is serious but nowhere near as bad as the infamous Heartbleed flaw, according to security experts. Hackers might be able to use the so-called GHOST flaw to plant malware or seize control of some Linux-based systems. Security researchers at cloud security …

  1. Anonymous Coward
    Anonymous Coward

    "Further technical analysis of the GHOST vulnerability by security researchers lcamtuf can be found here" (http://lcamtuf.blogspot.com.es/2015/01/technical-analysis-of-qualys-ghost.html)

    Brilliant info. well worth reading.

    1. Ben Tasker Silver badge

      Definitely well worth a read :)

  2. John Sanders
    Trollface

    Awesome!

    http://lcamtuf.blogspot.com.es/2015/01/technical-analysis-of-qualys-ghost.html

  3. joeldillon

    I think you mean 'the effect' not 'the affect'.

  4. phuzz Silver badge

    "Without a reboot, services using the old library will not be restarted"

    That's the problem right there. Installing a patch is fine, but having to reboot all of our web servers is not going to be fun.

    Should rack up some overtime though.

    1. Voland's right hand Silver badge

      Utter bollocks

      You can restart the services one by one if you want. No need to reboot. Or restart only the ones that are clear to be affected (exim).

      By the way - debian patched eglibc packages do not restart it which is weird as they are usually quite a**l about it and have a list of packages they need to restart on upgrade (usually exim, ssh and inetd).

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Utter bollocks

        Exim is only affected if you turn on helo verification. Default config isn't vulnerable.

    2. alain williams Silver badge

      I have just updated some 8 machines, none of them rebooted. I restarted some services (exim, httpd, sshd, ...) - but a reboot was not needed -- these are Linux systems, not MS Windows.

      I agree that a reboot is an easy way of restarting everything - but if you know what you are doing it is not necessary.

      1. Anonymous Coward
        Anonymous Coward

        these are Linux systems, not MS Windows

        And everyone knows they are immune from exploits unlike that buggy MS stuff

      2. LDS Silver badge

        Did you check each and every process linking to glibc?

        Also Windows asks you to reboot *exactly* because it wants to avoid to have two different version of a system library loaded and some applications using one and others the other. To ensure anything passed around conforms to the same code and no risk of passing around something slightly different happens....

        That's also why even a full reboot under Linux - if you can afford it - could be a safer choice.

    3. Vic

      "Without a reboot, services using the old library will not be restarted"

      That's the problem right there.

      Not really - it's not actually true.

      Services must be restarted, but that's a trivial matter. The machine as a whole does not need to be rebooted in the short term; this might, of course, lead to certain daemons still running the old code, but the attack surface is minimised and the public-facing services left running the patched version.

      Restarting web, mail and other network services takes less than a minute all in.

      Vic.

  5. Raedwald Bretwalda
    Boffin

    The opening words of the Description section of the man page for gethostbyname says

    The gethostbyname*() and gethostbyaddr*() functions are obsolete. Applications should use getaddrinfo(3) and getnameinfo(3) instead.

    1. Michael Wojcik Silver badge

      Yes, gethostbyname is obsoleted by getaddrinfo; but exim, for example, was written four years before getaddrinfo was standardized (by RFC 2553), much less widely available. There was no compelling reason1 for most applications to replace working gethostbyX calls with the corresponding getXinfo ones. Not when there are so many other bugs to fix and features to add and online arguments to argue.

      1For most users and developers, IPv6 is still not a compelling reason. At best it's a mild source of guilt - oh, yes, someday we'll probably have to support IPv6. We've successfully pushed "someday" off for nineteen years and counting.

  6. petur
    Meh

    attention whores

    I have enough of Qualys. All I did was point out an error in their free scanner (how nice of me), and that resulted in a bunch of emails and even a phone call to try to sell me some of their services.

    I consider their 'leak' to be quite intentional....

    1. Anonymous Coward
      Anonymous Coward

      Re: attention whores

      indeed ... and they are also getting flak in oss-security about delivering details of a vulnerability to *a PR firm* ahead of informing the affected open source security comunity.

  7. This post has been deleted by its author

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019