[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sheflug] Re: 2.4.4
>>>>> "Richard" == Richard Ibbotson <richard [at] sheflug.co.uk> writes:
Richard> Baz
Richard> When the new 2.2 kernels came along and the 2.0.3x
Richard> kernels were still in use I had the annual argument with
Richard> MCC about this and they said that they thought that my
Richard> argument that early versions of new kernels weren't good
Richard> in the security department was entirely valid.
I'm not going to deny that earlier versions of anything are likely to
contain a good number of relatively serious bugs. Obviously security
is going to be affected by this too.
There was an ftp problem with IPChains in the early 2.2.x series, IIRC
to - so the recent problems with netfilter is hardly a surprise.
Still, I'm not running a production system - if I was I'd be careful
to the point of boredom with upgrades and changes.
I might even have a OpenBSD box or 10 kicking around if I was that
concerned.
Richard> Something similar is going on around me now. I see a
Richard> small crowd of people who think that early 2.4 kernels
Richard> are secure. The larger crowd prefer to use the 2.2
Richard> kernels. And, I can't argue with their opinions.
Kernels ain't the be all and end all of security either - if was a
cracker, I'd certainly hunt around for user space holes first - cron,
ftp, httpd, nfs, smtpd, pop, etc, etc,...
Secure = unplug everything, lock it in a safe, and weld the door shut.
And even that ain't perfect :-)
Basically, I can do what I please, 'cause I'm not working for a
European bank :-)
Baz.
--
Barrie J. Bremner OpenPGP public key ID: 5164F553
baz [at] barriebremner.com http://barriebremner.com/
baz /baz/ n.
1. [common] The third metasyntactic variable.
2. interj. A term of mild annoyance.
3. Occasionally appended to foo to produce `foobaz'
-- Jargon File v4.3.0, www.tuxedo.org/jargon
4. Me.
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.