Ext2: How are security exploits found?
Nov 20, 1999, 19:11
(Other stories by Kevin Fenzi)
"Have you ever wondered how your vendor knows that a new exploit is out and that they should patch the offending package and issue a security fix?"
"Most of the time in the past, Unix (and Linux) vendors were playing a dangerous game of catch up with the crackers. When someone was broken into or attacked, they would try and figure out how the cracker got in, and work backwards to find a patch that would keep them out. As you can well imagine, this wasn't a very useful way to do things. Often you had to wait until a large number of systems were attacked by a particular exploit before you could track down the problem. Then, you would have to wait for your vendor to make a fix available."
"When Linux first came on the scene, you got a slight bit of improvement, in that enterprising hackers didn't have to wait for the vendor to come up with a fix, but could instead create their own from the code. Kernel bugs (like the ping-of-death attack) were fixed particularly quickly due to easy access to the source code. Of course you were still playing catch up to the crackers, because there needed to be some evidence of the attack so you could fix the problem in the code. Also, since Linux was rapidly evolving, there were lots of bugs that could be exploited until things stabilized."