On Tuesday 29 March 2005, at 00:34, Adam M. wrote:
> > But 2.4.18 is the Debian stable kernel, which gets security updates
> > and patches, no?
>
> No, it doesn't. I really think that packages like this old kernel should
> be removed from the mirrors, or at least updated with a big fat warning.

Sorry, but this isn't correct. Kernel 2.4.18-1 in woody is patched against known vulnerabilities. You may take a look at the latest update of it:

http://www.debian.org/security/2004/dsa-479

Recent vulnerabilities involve code not present in this release of the kernel. This is one of the main reasons why the security team doesn't want a new release of the kernel in the stable distribution.

> Anyway, the kernels in woody are not up to date. You *have to* roll your
> own kernel. At this time you should use the latest 2.4.x kernel, or
> 2.6.x if you need to. If you don't roll your own kernels, at least for
> machines with remote access, then all local users can get root.

Of course, rolling one's own kernel is a good practice, but only if the admin knows what to do. And of course a lot of other "practices" have to be taken. Static kernel, prevent lkm. The grsecurity patch helps a lot. Etc.

But the purpose of the kernel in stable isn't to be "the best choice in any case", just a reasonable default kernel. Then, of course, YMMV, and a good admin has daily work to do ("security-out-of-the-box" is a buzzword; security is a process, not a product) to do his job well.

All of this, IMHO, obviously.

My 0.2 cents.

-- 
Principal Snyder: "This is great! Let's do donuts in the football field."
--Buffy the Vampire Slayer: Band Candy

