Re: about volatile.d.o/n
Here I go, replying to myself again ...
On Sat, Oct 09, 2004 at 10:48:15PM +0100, paddy wrote:
> clamav is a really good example of a very self-contained, at least in
> some setups. two pipes, no privs (someone corrrect me if I'm wrong).
> In the case of clamav, what i believe is at issue is not the stability or
> security of whole individual systems (possibly the clamav function) but
> importantly the stability of the archive, that system.
Even if I'm not oversimplifying, I'm assuming that compromise of a
clamav process could give access to any local exploits available through
available system calls. I take it that stable and security.d.o
pick up the tab for this. Which makes me wonder: I seem to recall
that maintenance of linux kernels has tended to drop covering local
holes after a period on old kernels. I take it stable has this
covered, but it would be a consideration for any potential deep-freezers,
and is at least a box to check for volatile.
Perl 6 will give you the big knob. -- Larry Wall