Re: Woody boot-floppies use flawed kernels

To: Thomas Viehmann <tv@beamnet.de>
Cc: Jonathan Quick <jon@hartrao.ac.za>, debian-boot@lists.debian.org
Subject: Re: Woody boot-floppies use flawed kernels
From: Petter Reinholdtsen <pere@hungry.com>
Date: 06 Apr 2003 09:14:59 +0200
Message-id: <[🔎] 2flbrzk5c7g.fsf@saruman.uio.no>
In-reply-to: <[🔎] 3E8BDD95.8060802@beamnet.de>
References: <[🔎] E190yNM-0007Qp-00@bootes.hartrao.ac.za> <[🔎] 3E8BDD95.8060802@beamnet.de>

[Thomas Viehmann]
> For installation at least, a local root hole is completely
> irrelevant. (There is no root password and no users.)
> The only thing that needs to be ensured is that the installed kernel
> is not vulnerable. That means
> - until a new point release is made, stock kernels should be automatically
>   upgraded via the security.d.o apt-lines,

This do not work as you expect it.  The kernel used by b-f is copied
into place on the HD by b-f.  There is no package to upgrade.  No
kernel package is installed by b-f, and the people with a stock woody
will have the security problem until they manually install a new and
improved kernel.

Reply to:

Follow-Ups:
- Re: Woody boot-floppies use flawed kernels
  - From: Thomas Viehmann <tv@beamnet.de>

References:
- Woody boot-floppies use flawed kernels
  - From: Jonathan Quick <jon@hartrao.ac.za>
- Re: Woody boot-floppies use flawed kernels
  - From: Thomas Viehmann <tv@beamnet.de>

Prev by Date: Re: Building d-i as a package
Next by Date: Processing of rootskel_0.23_i386.changes
Previous by thread: Re: Woody boot-floppies use flawed kernels
Next by thread: Re: Woody boot-floppies use flawed kernels
Index(es):
- Date
- Thread