OStatic

I just spent several days helping to upgrade an organization's servers from Red Hat Enterprise 3 to the latest version, Red Hat Enterprise 5.2. One of the most important, and impressive, issues we dealt with during this upgrade was SELinux, or security-enhanced Linux. SELinux offers a great deal of functionality, and helps to protect Linux boxes from a variety of threats. It forces system administrators to learn a new vocabulary, as well as permissions, logfiles, and programs with which they were previously unfamiliar. Fortunately, there are many good tutorials for SELinux on the Web.

Last week, members of the Ruby community received word that all but the most recent versions of the language contain a serious security hole, and should be upgraded immediately. The announcement indicated that the security problem allows an attacker to potentially execute arbitrary code from a remote location. Other than that general description, what is the problem? Well... the powers that be aren't telling. Zed Shaw, decided to blog about this, announcing the vulnerabilities, as well as the techniques that he used to uncover them.