Re: about volatile.d.o/n

To: debian-devel@lists.debian.org
Subject: Re: about volatile.d.o/n
From: paddy <paddy@panici.net>
Date: Sun, 10 Oct 2004 01:15:01 +0100
Message-id: <[🔎] 20041010001500.GA26127@cobalt0.panici.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20041009214814.GA8729@cobalt0.panici.net>
References: <[🔎] 20041008155148.GT8964@mails.so.argh.org> <[🔎] 20041009070111.GE3865@debian.potter> <[🔎] 20041009090051.GC6152@gandalf.libero.it> <[🔎] 20041009091152.GA20866@debian.potter> <[🔎] 20041009144305.GD2449@www.lobefin.net> <[🔎] 20041009153713.GB29362@cobalt0.panici.net> <[🔎] 20041009195411.GC3736@debian.potter> <[🔎] 20041009214814.GA8729@cobalt0.panici.net>

Here I go, replying to myself again ...

On Sat, Oct 09, 2004 at 10:48:15PM +0100, paddy wrote:
> clamav is a really good example of a very self-contained, at least in
> some setups.  two pipes, no privs (someone corrrect me if I'm wrong).
> In the case of clamav, what i believe is at issue is not the stability or
> security of whole individual systems (possibly the clamav function) but 
> importantly the stability of the archive, that system.

Even if I'm not oversimplifying, I'm assuming that compromise of a 
clamav process could give access to any local exploits available through
available system calls.  I take it that stable and security.d.o 
pick up the tab for this.  Which makes me wonder: I seem to recall
that maintenance of linux kernels has tended to drop covering local
holes after a period on old kernels.  I take it stable has this 
covered, but it would be a consideration for any potential deep-freezers,
and is at least a box to check for volatile.

Regards,
Paddy
-- 
Perl 6 will give you the big knob. -- Larry Wall

Reply to:

References:
- about volatile.d.o/n
  - From: Andreas Barth <aba@not.so.argh.org>
- Re: about volatile.d.o/n
  - From: Kevin Mark <kmark+debian-devel@pipeline.com>
- Re: about volatile.d.o/n
  - From: Francesco Paolo Lovergine <frankie@debian.org>
- Re: about volatile.d.o/n
  - From: Kevin Mark <kmark+debian-devel@pipeline.com>
- Re: about volatile.d.o/n
  - From: Stephen Gran <sgran@debian.org>
- Re: about volatile.d.o/n
  - From: paddy <paddy@panici.net>
- Re: about volatile.d.o/n
  - From: Kevin Mark <kmark+debian-devel@pipeline.com>
- Re: about volatile.d.o/n
  - From: paddy <paddy@panici.net>

Prev by Date: Re: possible mass bug filing: spamassassin 3
Next by Date: Re: First spam
Previous by thread: Re: about volatile.d.o/n
Next by thread: Re: about volatile.d.o/n
Index(es):
- Date
- Thread