RE: local root exploit




On Mon, 11 Feb 2008, Ross S. W. Walker wrote:

> Dag Wieers wrote:
> > On Mon, 11 Feb 2008, jarmo wrote:
> >
> > > Of course there's a way, get vanilla kernel 2.6.24.2 and use old config
> > > compile it and run. I've done it.
> >
> > And *poof* you lost all support or reproducibility that people crave when
> > using CentOS or RHEL.
> >
> > So yes, it is a possibility, but probably unlikely when people have chosen
> > CentOS or RHEL. And especially for those systems that are considered
> > production (or important) and that are the most vulnerable you may not
> > want to do this. (Or maybe instead you need to!)
>
> Yes, true, but say you are running a shell account system and want to
> know it isn't vulnerable, can't wait until upstream provides a fix
> and don't want to run some possibly flaky work-around patch, what
> then?
>
> I think one needs to weigh the consequences in these scenarios instead
> of saying it should be all one way or the other.

Then I would opt to patch the latest Red Hat kernel with e.g. the Debian
patch rather than running a 2.6.24.2 kernel that may have numerous
yet-unknown compatibility problems with parts of the system that interact
with the kernel. And I would make an RPM out of it that upgrades smoothly
to the next CentOS release.

But then again, this would be advice for a minority and not something I
would recommend to everyone on this list.

-- 
--   dag wieers,  dag@xxxxxxxxxx,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
