Once upon a time, Slade Watkins <slade@xxxxxxxxxxxxxxxx> said:
> goes without saying but… old versions of the kernel are certainly way more
> prone to these attacks and 100% shouldn’t be included on hardware meant to
> be connected to the internet. (let alone send that connection to other
> devices and otherwise manage the network…)

The kernel is generally not a security issue on most of these devices; there haven't been many remotely-exploitable kernel vulnerabilities over time (at most, they're typically denial-of-service type attacks). I wouldn't really worry too much about just an old kernel version.

The security issues with embedded/IoT type things tend to be more in the vendor software, often something that was slapped together with no thought to security and never well maintained. They have debugging passwords accidentally left enabled, poor input processing, etc., and they often run everything as root, losing the key protections of a Unix/Linux environment (so there's no need for kernel security holes to gain privilege).

Often, when the vendors do any security updates, they'll do just the minimum needed (which does make sense, since it's also the least likely to break devices that can be difficult or impossible to recover from an update failure). If the kernel doesn't have any known and exploitable security issues, it'll be left as-is.

So, an old kernel version can indicate unmaintained software, or it can also indicate conservative update practices. Unfortunately, the first case is much more likely.

-- Chris Adams <linux@xxxxxxxxxxx>