On Thu, 09 Oct 2008 17:40:03 +1300 Jasper Bryant-Greene <[EMAIL PROTECTED]> wrote:
> On 9/10/2008, at 4:30 PM, Steve Holdoway wrote:
>
> > I've got debian servers with uptimes measured in years ( well,
> > except for the single reboot when they moved data centres about a
> > year ago ), and I've got CentOS servers in the same category.
>
> If their uptime is measured in years then I'd bet good money that
> they're vulnerable to at least one local user root exploit, possibly
> more. Upgrading kernels isn't just for fun, there's some profit to be
> had too.
>
> -jasper

The word local is the important bit here - apart from the fact that most of these are in New Jersey. They're servers, serving content to the internet through strictly controlled services. These services have been upgraded many times - and now run orders of magnitude faster and infinitely more reliably. To get access to these servers would be extremely difficult - internet facing access is as squeaky new as practicable, and ssh access is extremely strictly controlled.

As I said elsewhere, it's all down to risk, and your perception of it. In these cases, there are no local users, and internet-facing services ( on the servers directly connected to the internet ) are mainly non-standard - and all servers are heavily secured, including IDS - so the prime directive for the kernel on these servers is to be stable, as far as I'm concerned.

Yes, you're absolutely correct, there are plenty of reasons to upgrade a kernel, but there are also situations where the risk outweighs them. In this case, I'll need to start replacing hardware in a year or so, and that's when I'll upgrade. I must admit, 64bit database servers would be nice (:

Cheers,

Steve

-- 
Steve Holdoway <[EMAIL PROTECTED]>
