
Re: Woody boot-floppies use flawed kernels



Hi Jonathan,

Jonathan Quick wrote:
>   Is there any intention to release a new version of the Woody boot-floppies
> based on the kernel-image-2.2.25 and kernel-image-2.4.20-1 kernels which 
> include the ptrace security hole fix (see DSA-270 for example.)  Obviously
> this would require similar patched kernels for all architectures to be
> available too.  Perhaps a critical or grave bug should be filed against
> the boot-floppies & debian-cd to ensure this issue receives attention?

For installation at least, a local root hole is completely irrelevant. (There is
no root password and no users.)
The only thing that needs to be ensured is that the installed kernel is not
vulnerable. That means
- until a new point release is made, stock kernels should be automatically
  upgraded via the security.d.o apt-lines,
- when a new point release is made, fixed kernels should be offered to install
  on the hard disk.
Unless there is a problem with one of these, I don't think there's much of a
bug, certainly not in boot floppies.

Cheers

T.
