Slashdot Mirror


Sun Security Patch Introduces Security Hole

Rich0 writes "Sun is announcing that their 'Security Hardening Package' for their Cobalt RaQ 4 Linux servers allows remote users to execute arbitrary code. Ironically, the solution is to remove the package, potentially removing protection from other compromises. There's a CERT advisory, as well as an article posted on Extremetech." Yikes, one would hope there's a forthcoming patch in the works.

1 of 265 comments

  1. Re:Wow! by Black+Copter+Control · Score: 5, Insightful
    The problem isn't just that you can't trust a specific piece of bad software. It's that -- because of the rather cockeyed way that Microsoft did their DLL 'support' -- there's no way that you can just pull trust for that piece of code, or otherwise prevent it from being downloaded without removing trust for everything made by Microsoft. This leaves users in the rather weird position of either not being able to download *any* MS ActiveX control (for fear that it could be the bad one) or leaving themselves open to the possibility of somebody trojaning in the bad 'trusted' control and then owning your machine up kazoo.

    The problem with this Cobalt 'security' release is one of a flawed implementation. Microsoft's bug was one of tragically bad design. The latter is much harder to work around.

    --
    OS Software is like love: The best way to make it grow is to give it away.