On Tue, Apr 20, 2010 at 2:09 PM, Charles Jones <[email protected]> wrote:

> Having a high uptime does not necessarily mean that there have been no
> security updates, since you can update almost everything without a reboot.
> Granted a reboot is required to update the kernel itself, but if your server
> is decently hardened and firewalled, exactly which kernel exploits are you
> vulnerable to?
Well, hang on, there's really a defense-in-depth argument to be made here. It's true that if you have perfect network security, you'll never have an untrusted local user, and so you don't care about kernel exploits. But the fact of the matter is, at some point, due to a bug or an operational error, even the most earnestly hardened/firewalled servers can become accessible -- and then your kernel really does matter.

Combine that with the relative frequency of kernel privilege escalation vulnerabilities (a few privilege escalation vulnerabilities get found ~monthly in the Linux kernel), and things become a bit more concerning.

- Waseem

Disclaimer: when I'm not reading these mailing lists, I work for Ksplice (we developed technology that can install Linux kernel updates without rebooting, while applications are running), so kernel updates, uptime, and security are all subjects near and dear to my heart :P

--
Waseem Daher
Ksplice
www.ksplice.com
Phone: 765-577-5423

_______________________________________________
Tech mailing list
[email protected]
http://lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
