partyopensuse
opensuse 时间:2021-04-01 阅读:()
SUSESecurityProcessAnoverviewontechnicallevelMarcusMeinerTeamleadSUSESecuritymeissner@suse.
de2006NovellInc.
2SUSESecurityTeamTasks:IncidenthandlingProactivework(auditing,designreviews)ResearchandIntegrationofnewtechnologiesFocusonOpenSourcepartsoftheLinuxproductlinesTightlycooperatingwith:R&D,QA,NTS,Maintenance,Customers2006NovellInc.
3SecurityWork–whatisitnotcoolnofundoesnotmakeyoupopulartiringwork2006NovellInc.
4SecurityProblemsovertimeBufferoverflowsFormatstringproblemsIntegeroverflows(Bufferoverflowsstrikeback)Last2years:imageprocessinglibrariesproblemsinwebapplicationsThisyear:problemsinwebapplicationsProblem:moreandmorecodeoperatesondatafromtheInternetapplicationsgrowandgrowandgrow2006NovellInc.
5NonIncidentWorkAuditsecurityrelevantpackagesnetworkandsystemdaemons,setuidbinariesdesignofnewtechnologieslikeD-BUSothersecuritycriticalpackagesDeployautomatedmeasuresDevelopnewtechnologiesEducatewritepapersholdlecturesonsecuritytopicsResearchresearchintonewtechnologiesandattackvectors2006NovellInc.
6MakingcodehardertoexploitOverflowchecking/mitigation:-D_FORTIFY_SOURCE=2(defaulton10.
0,10.
1.
.
.
)-fstack-protectorheapstructurevalidationmanglingofpointersthatliveindangerousareasrandomizingaddressspaceAutomatedcodecheckingAnnoyinggccwarnings3rdpartytoolsForce^WTeachpeopletowritebettercode2006NovellInc.
7ConfinementNoSELinuxhereniceideaandformalapproachtoocomplicatedtosetupforbothuserandadminAppArmoraccessrestrictionsonapplicationlevelconfinesfileaccess,capabilities,programstartsglobbingandwildcardspossiblenoall-or-nothingapproachlikeSELinuxlightversionon10.
0,fullOpenSourcenowLSMsooninmainlinekernel2006NovellInc.
8ProductlinesSUSELinux(Retail,Box)2yearssupported,getssecurityandcriticalbugfixesreleasedevery6months4-5activeateverytimeSUSELinuxEnterpriseServer5yearsregularmaintenance(+2yearsextended)longerreleasecyclescurrently:SLES8,SLES9,SLD1,NLD9,OESSoon:SLES10,SLED10Active:2majorproducts,3derivatedproducts5differentmaincodestreams(+derivates)2006NovellInc.
9IncidentHandling–EnteringSUSEGettingknowledgeofsecurityproblempublicmailinglistsclosedforums(crossvendorcoordination)newpackagereleasesourownsecurityauditsreportstocontactaddress(security@suse.
de)Trackingdiscard,ifaffectedpackageisnotinactiveproductsdiscard,ifaffectedpackageversionisnotinactiveproductsopenaBugzillaentry2006NovellInc.
10IncidentHandling–TrackingBugzillaIsourincidenttrackingtoolSecurityTeamaddsinitialinformationtonewbugreports:–detaileddescription–VulnerabilityIDs(CVE,VU#,.
.
.
)–affectedpackageversionsandproducts–patch(es)tofixissue(ifany)–sampleexploit(s)(ifany)–decisiononwhethertofixforolderproductsornotAssignedtopackagerAssistingwithfindingpatches,fixingandpriority2006NovellInc.
11IncidentHandling–FixedPackagesPackagemaintainerworkReviewsfixesandaffectedproductsSubmitsfixedpackages(source)forbuildsystemSourcelevelpatchreviewisdonebyBuildsystemTeamBuildsystemTeamcheckspackageintopackagerepositoryofoldproductsBuildsystemConsistencychecksduringbuildAutomatedrebuildingalldependendpackagesNofixed(bitwisesame)binariesduetorebuilds2006NovellInc.
12IncidentHandling–PatchsetCreationCreatingthepatchset:accompaniesfixedpackageuptoreleasetrackedbySWAMP(SUSEWorkflowmanagementtool)createdbySecurityTeam–whatpackages,whatdistributions–description–optionalpreorpostinstallationmessages–linksbacktoBugzillaandSWAMPmetapatchfilegetscheckedintobuildsystem–collectsRPMsoutofcurrentstateofbuildsystemandfixatesthem–preparesthepatchsetthecustomerwillseeforQA2006NovellInc.
13IncidentHandling–QAQAUsescreatedpatchsetCheckreproducabilityofavailableexploitsAppliespatchesjustlikecustomerwould,from–YaSTOnlineUpdateforSUSELinuxandSLES–RedCarpet/ZLMforOESandNLDSystemintegrationQA(checkingRPMdependencies)ComponentIntegrationQA–Packagetestcasesarerun(automatedandmanual)–rerunexploitprocessgoesbacktopackagerifQAfails2006NovellInc.
14IncidentHandling–ReleaseNotbefore:coordinateddisclosuredateQAapprovalOnapproval:patchiscopiedtostaginginfrastructureinthesamewayasforQAnofurthermanualstepsNTSreviewsdocumentationandpublishesTIDarticleSecurityadvisoryreleased2006NovellInc.
15HowcanyouhelpUser/AdministratorsInstallSecurityUpdatesReportcrashesinApplicationsMonitoryourserversDeveloperProgramsafelyusebetterlanguagessecurityconsciousdesign2006NovellInc.
16Itsallaboutcertification.
Security-notafeature,butaprocessCertificationdescribesconfigurations:profilesdefiningscenariosofusersandattackersversionsofinstalledsoftwarecontentofconfigurationsfileshardwareandprocesses:securityhandlingduringtheproductlifecycledocumentationphysicalsecurity2006NovellInc.
17LanguagesCC++ManagedLanguagesandEnvironments–Java–C#Script–perl–php
de2006NovellInc.
2SUSESecurityTeamTasks:IncidenthandlingProactivework(auditing,designreviews)ResearchandIntegrationofnewtechnologiesFocusonOpenSourcepartsoftheLinuxproductlinesTightlycooperatingwith:R&D,QA,NTS,Maintenance,Customers2006NovellInc.
3SecurityWork–whatisitnotcoolnofundoesnotmakeyoupopulartiringwork2006NovellInc.
4SecurityProblemsovertimeBufferoverflowsFormatstringproblemsIntegeroverflows(Bufferoverflowsstrikeback)Last2years:imageprocessinglibrariesproblemsinwebapplicationsThisyear:problemsinwebapplicationsProblem:moreandmorecodeoperatesondatafromtheInternetapplicationsgrowandgrowandgrow2006NovellInc.
5NonIncidentWorkAuditsecurityrelevantpackagesnetworkandsystemdaemons,setuidbinariesdesignofnewtechnologieslikeD-BUSothersecuritycriticalpackagesDeployautomatedmeasuresDevelopnewtechnologiesEducatewritepapersholdlecturesonsecuritytopicsResearchresearchintonewtechnologiesandattackvectors2006NovellInc.
6MakingcodehardertoexploitOverflowchecking/mitigation:-D_FORTIFY_SOURCE=2(defaulton10.
0,10.
1.
.
.
)-fstack-protectorheapstructurevalidationmanglingofpointersthatliveindangerousareasrandomizingaddressspaceAutomatedcodecheckingAnnoyinggccwarnings3rdpartytoolsForce^WTeachpeopletowritebettercode2006NovellInc.
7ConfinementNoSELinuxhereniceideaandformalapproachtoocomplicatedtosetupforbothuserandadminAppArmoraccessrestrictionsonapplicationlevelconfinesfileaccess,capabilities,programstartsglobbingandwildcardspossiblenoall-or-nothingapproachlikeSELinuxlightversionon10.
0,fullOpenSourcenowLSMsooninmainlinekernel2006NovellInc.
8ProductlinesSUSELinux(Retail,Box)2yearssupported,getssecurityandcriticalbugfixesreleasedevery6months4-5activeateverytimeSUSELinuxEnterpriseServer5yearsregularmaintenance(+2yearsextended)longerreleasecyclescurrently:SLES8,SLES9,SLD1,NLD9,OESSoon:SLES10,SLED10Active:2majorproducts,3derivatedproducts5differentmaincodestreams(+derivates)2006NovellInc.
9IncidentHandling–EnteringSUSEGettingknowledgeofsecurityproblempublicmailinglistsclosedforums(crossvendorcoordination)newpackagereleasesourownsecurityauditsreportstocontactaddress(security@suse.
de)Trackingdiscard,ifaffectedpackageisnotinactiveproductsdiscard,ifaffectedpackageversionisnotinactiveproductsopenaBugzillaentry2006NovellInc.
10IncidentHandling–TrackingBugzillaIsourincidenttrackingtoolSecurityTeamaddsinitialinformationtonewbugreports:–detaileddescription–VulnerabilityIDs(CVE,VU#,.
.
.
)–affectedpackageversionsandproducts–patch(es)tofixissue(ifany)–sampleexploit(s)(ifany)–decisiononwhethertofixforolderproductsornotAssignedtopackagerAssistingwithfindingpatches,fixingandpriority2006NovellInc.
11IncidentHandling–FixedPackagesPackagemaintainerworkReviewsfixesandaffectedproductsSubmitsfixedpackages(source)forbuildsystemSourcelevelpatchreviewisdonebyBuildsystemTeamBuildsystemTeamcheckspackageintopackagerepositoryofoldproductsBuildsystemConsistencychecksduringbuildAutomatedrebuildingalldependendpackagesNofixed(bitwisesame)binariesduetorebuilds2006NovellInc.
12IncidentHandling–PatchsetCreationCreatingthepatchset:accompaniesfixedpackageuptoreleasetrackedbySWAMP(SUSEWorkflowmanagementtool)createdbySecurityTeam–whatpackages,whatdistributions–description–optionalpreorpostinstallationmessages–linksbacktoBugzillaandSWAMPmetapatchfilegetscheckedintobuildsystem–collectsRPMsoutofcurrentstateofbuildsystemandfixatesthem–preparesthepatchsetthecustomerwillseeforQA2006NovellInc.
13IncidentHandling–QAQAUsescreatedpatchsetCheckreproducabilityofavailableexploitsAppliespatchesjustlikecustomerwould,from–YaSTOnlineUpdateforSUSELinuxandSLES–RedCarpet/ZLMforOESandNLDSystemintegrationQA(checkingRPMdependencies)ComponentIntegrationQA–Packagetestcasesarerun(automatedandmanual)–rerunexploitprocessgoesbacktopackagerifQAfails2006NovellInc.
14IncidentHandling–ReleaseNotbefore:coordinateddisclosuredateQAapprovalOnapproval:patchiscopiedtostaginginfrastructureinthesamewayasforQAnofurthermanualstepsNTSreviewsdocumentationandpublishesTIDarticleSecurityadvisoryreleased2006NovellInc.
15HowcanyouhelpUser/AdministratorsInstallSecurityUpdatesReportcrashesinApplicationsMonitoryourserversDeveloperProgramsafelyusebetterlanguagessecurityconsciousdesign2006NovellInc.
16Itsallaboutcertification.
Security-notafeature,butaprocessCertificationdescribesconfigurations:profilesdefiningscenariosofusersandattackersversionsofinstalledsoftwarecontentofconfigurationsfileshardwareandprocesses:securityhandlingduringtheproductlifecycledocumentationphysicalsecurity2006NovellInc.
17LanguagesCC++ManagedLanguagesandEnvironments–Java–C#Script–perl–php
- partyopensuse相关文档
- desktopopensuse
- refersopensuse
- 数据opensuse
- 位址opensuse
- taropensuse
- sortopensuse
FlashFXP FTP工具无法连接主机常见原因及解决办法
目前,我们都在用哪个FTP软件?喜欢用的是WinSCP,是一款免费的FTP/SFTP软件。今天在帮助一个网友远程解决问题的时候看到他用的是FlashFXP FTP工具,这个工具以前我也用过,不过正版是需要付费的,但是网上有很多的绿色版本和破解版本。考虑到安全的问题,个人不建议选择破解版。但是这款软件还是比较好用的。今天主要是遇到他的虚拟主机无法通过FTP连接主机,这里我就帮忙看看到底是什么问题。一...
Virmach 3.23美元可用6个月的VPS主机
Virmach 商家算是比较久且一直在低价便宜VPS方案中玩的不亦乐乎的商家,有很多同时期的商家纷纷关闭转让,也有的转型到中高端用户。而前一段时间也有分享过一次Virmach商家推出所谓的一次性便宜VPS主机,比如很低的价格半年时间,时间到服务器也就关闭。这不今天又看到商家有提供这样的产品。这次的活动产品包括圣何塞和水牛城两个机房,为期六个月,一次性付费用完将会取消,就这么特别的产品,适合短期玩玩...
RackNerd:美国便宜VPS,洛杉矶DC-02/纽约/芝加哥机房,4TB月流量套餐16.55美元/年
racknerd怎么样?racknerd美国便宜vps又开启促销模式了,机房优秀,有洛杉矶DC-02、纽约、芝加哥机房可选,最低配置4TB月流量套餐16.55美元/年,此外商家之前推出的最便宜的9.49美元/年套餐也补货上架,同时RackNerd美国AMD VPS套餐最低才14.18美元/年,是全网最便宜的AMD VPS套餐!RackNerd主要经营美国圣何塞、洛杉矶、达拉斯、芝加哥、亚特兰大、新...
opensuse为你推荐
-
Baby被问婚变绯闻黄晓明婚礼上说baby碰他哪里最兴奋mathplayerjavascript 如何判断document.body.innerHTML是否为空xyq.163.cbg.comhttp://xyq.cbg.163.com/cgi-bin/equipquery.py?act=buy_show_equip_info&equip_id=475364&server_id=625 有金鱼贵吗?同一服务器网站一个服务器放多个网站怎么设置?www.119mm.com看电影上什么网站??haole16.com玛丽外宿中16全集在线观看 玛丽外宿中16qvod快播高清下载www.5any.comwww.qbo5.com 这个网站要安装播放器抓站工具大家在家用什么工具练站?怎么固定?面壁思过?在医院是站站立架lcoc.toptop weenie 是什么?5566.com请问如何创建网页(就是www.5566.com.cn这种格式的)