[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Re: 2.4.4

To: "Sheflug" <sheflug [at] vuw.ac.nz>
Subject: [Sheflug] Re: 2.4.4
From: Barrie Bremner <nospam [at] barriebremner.com>
Date: Mon, 14 May 2001 19:31:22 +0100
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: sheflug-bounce [at] vuw.ac.nz

>>>>> "Richard" == Richard Ibbotson <richard [at] sheflug.co.uk> writes:

    Richard> Baz

    Richard> When the new 2.2 kernels came along and the 2.0.3x
    Richard> kernels were still in use I had the annual argument with
    Richard> MCC about this and they said that they thought that my
    Richard> argument that early versions of new kernels weren't good
    Richard> in the security department was entirely valid.

I'm not going to deny that earlier versions of anything are likely to
contain a good number of relatively serious bugs. Obviously security
is going to be affected by this too.

There was an ftp problem with IPChains in the early 2.2.x series, IIRC
to - so the recent problems with netfilter is hardly a surprise.

Still, I'm not running a production system - if I was I'd be careful
to the point of boredom with upgrades and changes.

I might even have a OpenBSD box or 10 kicking around if I was that
concerned.

    Richard> Something similar is going on around me now.  I see a
    Richard> small crowd of people who think that early 2.4 kernels
    Richard> are secure.  The larger crowd prefer to use the 2.2
    Richard> kernels. And, I can't argue with their opinions.

Kernels ain't the be all and end all of security either - if was a
cracker, I'd certainly hunt around for user space holes first - cron,
ftp, httpd, nfs, smtpd, pop, etc, etc,... 

Secure = unplug everything, lock it in a safe, and weld the door shut.

And even that ain't perfect :-)

Basically, I can do what I please, 'cause I'm not working for a
European bank :-)

Baz.

-- 
Barrie J. Bremner 		OpenPGP public key ID: 5164F553
baz [at] barriebremner.com	http://barriebremner.com/

baz /baz/ n.
 1. [common] The third metasyntactic variable.
 2. interj. A term of mild annoyance.
 3. Occasionally appended to foo to produce `foobaz'

	-- Jargon File v4.3.0, www.tuxedo.org/jargon

 4. Me.

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

References:
- [Sheflug] 2.4.4
  - From: Richard Ibbotson <richard [at] sheflug.co.uk>
- Re: [Sheflug] 2.4.4
  - From: Will Newton <will [at] misconception.org.uk>
- Re: [Sheflug] 2.4.4
  - From: Barrie Bremner <baz [at] barriebremner.com>
- [Sheflug] Re: 2.4.4
  - From: Richard Ibbotson <richard [at] sheflug.co.uk>

Prev by Date: Re: [Sheflug] Mozilla
Next by Date: Re: [Sheflug] Mozilla
Prev by thread: [Sheflug] Re: 2.4.4
Next by thread: Re: [Sheflug] 2.4.4
Index(es):
- Date
- Thread