
Re: about volatile.d.o/n

Here I go, replying to myself again ...

On Sat, Oct 09, 2004 at 10:48:15PM +0100, paddy wrote:
> clamav is a really good example of a very self-contained, at least in
> some setups.  two pipes, no privs (someone correct me if I'm wrong).
> In the case of clamav, what I believe is at issue is not the stability or
> security of whole individual systems (possibly the clamav function) but
> importantly the stability of the archive, that system.

Even if I'm not oversimplifying, I'm assuming that compromise of a 
clamav process could give access to any local exploits available through
available system calls.  I take it that stable and security.d.o 
pick up the tab for this.  Which makes me wonder: I seem to recall
that maintenance of linux kernels has tended to drop covering local
holes after a period on old kernels.  I take it stable has this 
covered, but it would be a consideration for any potential deep-freezers,
and is at least a box to check for volatile.

Perl 6 will give you the big knob. -- Larry Wall
