Topic: Which "openoffice" to download for 256MB system?, ".tar.gz" x ".uci" (at MyDSL)
lucky13
Group: Members
Posts: 1478
Joined: Feb. 2007
Posted: June 12 2008,21:48

Search google for these terms: openoffice security advisories. My first try:
Results 1 - 10 of about 345,000 for openoffice security advisories. (0.28 seconds)

Shortest answer to the first question: That presumes your local documents contain no shared information and no content (images, etc.) from other sources. I didn't narrow down my search to include anything affecting OOo with JRE whether remote or local...

Okay, now I have. I thought I remembered this:
http://news.cnet.com/Java-fl....13.html

Plenty more if you have time to read through all the links for OOo-specific security advisories.


--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
humpty
Group: Members
Posts: 655
Joined: Sep. 2005
Posted: June 13 2008,06:25

Quote (setecio @ June 13 2008,05:32)
I just wondered if such a download was available to have a look at various apps.

You can also visit the website to browse the apps,

http://distro.ibiblio.org/pub/linux/distributions/damnsmall/mydsl/
setecio
Group: Members
Posts: 89
Joined: Nov. 2006
Posted: June 13 2008,08:47

Thanks humpty, that looks the best way.

lucky13, about the security side of running DSL and various apps, I thought that:

a) DSL being Linux
b) running in root
c) being behind a hardware firewall
d) being 'only' a home user as opposed to a corporate business with any 'important stuff'

that I would be pretty safe using DSL and apps such as Open Office.
lucky13
Group: Members
Posts: 1478
Joined: Feb. 2007
Posted: June 13 2008,11:28

Layers...

First layer, kernel. Linux is just a kernel. It has its own set of security issues, just like any other complex, complicated set of code known as an operating system. Check the changelogs and security advisories and patches (such as novmsplice).

----------------------- edit ----------------------------------
I just remembered that grsecurity recently had this note about the problem of transparency and openness in 2.6:
"Due to Linux kernel developers continuing to silently fix exploitable bugs (in particular, trivially exploitable NULL ptr dereference bugs continue to be fixed without any mention of their security implications) we continue to suggest that the 2.6 kernels be avoided if possible."
http://www.grsecurity.net/news.php
-------------------  end edit  ------------------------------------

Above that in the next layer are all the utilities that make the kernel useful. Those, too, have vulnerabilities that affect security. Just because they're used in Linux/Unix doesn't make them any safer than if they're used in any other OS (including Windows).

The next layer includes userland applications. Some of these are very complex sets of code and with that complexity they're more susceptible (exponentially?) to security breaches. For example, Firefox and Open Office are among the larger and more complex applications made available in many Linux distros. Both of these applications have long histories of security problems and often have made new security releases within days of previous releases. Both, of course, are also available for other operating systems. It's not the OS -- the first two layers of kernel and utilities -- that's responsible for these security issues. It's all the interrelated pieces of the complex puzzles such as libraries used, as well as the way those are implemented in the whole scheme of things, that's problematic. Especially today with the increased risk of cross-scripted attacks that take advantage of holes in "Software A" to do something else with "Software B" to compromise a system running on "Operating System C." These attacks often transcend OS. (edit - see below)

You're not inherently safer using Open Office or Firefox in Linux than you are in Windows or OSX. The same issues plague the same software without regard for OS. The degree of severity can vary from OS to OS, especially if run as root (don't do that!!) and thereby having full system access.

Security is a function of a lot of things and the weakest link is always the user -- not the OS. The OS can make it easier or more difficult to be secure, but the OS is NOT your security blanket. Blindly trusting an OS as a security measure is folly.

Edit 2: from my pwn2own collection:
"The flaw is in something else, but the inherent nature of Java allowed us to get around the protections that Microsoft had in place," he (Macaulay) said in an interview shortly after he claimed his prize Friday. "This could affect Linux or Mac OS X."
http://blogs.zdnet.com/security/?p=993


--------------
"It felt kind of like having a pitbull terrier on my rear end."
-- meo (copyright(c)2008, all rights reserved)
curaga
Group: Members
Posts: 2163
Joined: Feb. 2007
Posted: June 13 2008,13:34

I wonder if that reference to Java is the same thing my, sadly still, bank uses to snoop on its clients.
They use a side of Java IIRC called JIS that lets you do the exact opposite of Java, execute code outside the Java sandbox.

..Which is one of the reasons I don't have Java..


--------------
There's no such thing as life. Those mean little jocks invented it ;)
-
Windows is not a virus. A virus does something!
23 replies since May 29 2008,03:03