On Thu, 13 Jul 2006 23:23:22 +0200 (CEST) "Gudjon I. Gudjonsson" <[EMAIL PROTECTED]> wrote:
> How worried should I be? Do you think it is OK to wait for an > official Debian packaged kernel or should I download some tonight from > kernel.org and compile myself? Be worried if you allow untrusted users shell access to your systems. I'm no security expert, but I'm willing to bet that there are tens (if not hundreds) of 0-day local exploits in the Linux 2.6 source code. 'Security' within a source tree that incorporates ~10MB of patches per month is an illusion (in my humble opinion). Don't get me wrong, I run a server with a 2.6 kernel, but be aware that if a malicious user ever gains access to an unprivileged account, they would have no trouble in compromising the system. --Adam -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
