[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Re: 2.4.4



>>>>> "Richard" == Richard Ibbotson <richard [at] sheflug.co.uk> writes:

    Richard> Baz

    Richard> When the new 2.2 kernels came along and the 2.0.3x
    Richard> kernels were still in use I had the annual argument with
    Richard> MCC about this and they said that they thought that my
    Richard> argument that early versions of new kernels weren't good
    Richard> in the security department was entirely valid.

I'm not going to deny that earlier versions of anything are likely to
contain a good number of relatively serious bugs. Obviously security
is going to be affected by this too.

There was an ftp problem with IPChains in the early 2.2.x series, IIRC
to - so the recent problems with netfilter is hardly a surprise.

Still, I'm not running a production system - if I was I'd be careful
to the point of boredom with upgrades and changes.

I might even have a OpenBSD box or 10 kicking around if I was that
concerned.

    Richard> Something similar is going on around me now.  I see a
    Richard> small crowd of people who think that early 2.4 kernels
    Richard> are secure.  The larger crowd prefer to use the 2.2
    Richard> kernels. And, I can't argue with their opinions.

Kernels ain't the be all and end all of security either - if was a
cracker, I'd certainly hunt around for user space holes first - cron,
ftp, httpd, nfs, smtpd, pop, etc, etc,... 

Secure = unplug everything, lock it in a safe, and weld the door shut.

And even that ain't perfect :-)

Basically, I can do what I please, 'cause I'm not working for a
European bank :-)

Baz.

-- 
Barrie J. Bremner 		OpenPGP public key ID: 5164F553
baz [at] barriebremner.com	http://barriebremner.com/

baz /baz/ n.
 1. [common] The third metasyntactic variable.
 2. interj. A term of mild annoyance.
 3. Occasionally appended to foo to produce `foobaz'

	-- Jargon File v4.3.0, www.tuxedo.org/jargon

 4. Me.

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.