Re: Next LTS release

On Wed, Jun 08, 2016 at 11:39:34PM +0200, Mason wrote:
> On 08/06/2016 20:14, Willy Tarreau wrote:
> 
> > On Wed, Jun 08, 2016 at 08:22:38AM -0700, Greg KH wrote:
> >
> >> You can tell them that they are running insecure kernels that are
> >> trivial to break into, and provide them with the latest kernel release
> >> to resolve that.
> > 
> > FWIW I just checked, and since we dropped 2.6.32.y 3 months ago, at least
> > 2-3 null pointer dereferences affect it, that can be used either just to
> > crash the system, or even to gain privileges under certain conditions.
> 
> Would you believe me if I told you that we provide kernel version
> 3.4.39 because "applying security fixes breaks compatibility with
> binary kernel modules" ?

Oh I totally believe you, don't worry.

> What's worse, some customers agree with that "logic".

Yes there are plenty of such customers hosting botnets and spam relays
who are not aware of it. And when they sell products based on such kernels,
it's end users who are exposed. And generally these are the same who want
all the features they believe they'll need so you can't even cross fingers
for their kernel not to enable the dangerous features.

Sometimes you just need to throw in the towel and work for another company
where you won't see these stupid customers anymore. When developers
willing to do this job become rare, either they'll get paid a lot
for a really boring job or customers will start to think how to cut costs
by using less dangerous components that are more easily maintained.

Willy