Re: down to the core

To: Steve Melo <smelo@communitytrust.ca>, debian-firewall@lists.debian.org
Subject: Re: down to the core
From: Mike Mestnik <cheako911@yahoo.com>
Date: Fri, 23 Jul 2004 16:14:29 -0700 (PDT)
Message-id: <[🔎] 20040723231429.81956.qmail@web11901.mail.yahoo.com>
In-reply-to: <[🔎] 1090621559.5213.3.camel@jmedina.calcom.com.mx>

It's a sad day indeed when ppl equate patching with security.  I wonder if
there is any relation to other ideas, like sending HTML Mail or using
microsoft software on production systems?

Just to make things clear kernel patches SHOULD be considered a security
risk.  Learn to work within what is stable and true(2.4 or better 2.2) or
sacrifice your security for freedom you will.

1. Debian's initrd uses the cramfs patch, not found in the pristine
source, using these kernels may result in an undesired affect or boot
hack.  It's true that it's relatively easy to get a prestine kernel
booting.
2. Using patches against the debian kernel tree is an even worse idea, you
never know what kind of doors you will open.  It's true there are patches
out there for the debian source trees, but these are the exception not the
rule.

--- Jorge Armando Medina <jmedina@calcom.com.mx> wrote:
> Maybe you can take a look at http://www.sentryfirewall.com, its based on
> slackware and is dedicated for firewalling, It has other patches that
> you can use in your box.
> 
> On Fri, 2004-07-23 at 14:24, Steve Melo wrote:
> > Greetings,
> >  
> > I'm looking to build a system that will be a dedicated firewall
> > machine.
> > I would like this installation to be secure from the ground up and was
> > hoping that someone could recommend a customized kernel package 
> > built specifically for firewalling.  The reason I'm asking is because
> > just
> > recently I tried using the ulog feature only to find that it is not
> > supported
> > by my kernel.  So I figured if I'm going to build a new kernel, what
> > other
> > enhancements can I make?  
> >  
> > I don't know much about kernel patches either so excuse me if this is
> > a 
> > dumb question:  Are there any patches that would give me additional 
> > functionality related to firewalling?
> >  
> >  
> > Thank you all,
> >  
> > steve
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 

__________________________________
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
http://promotions.yahoo.com/new_mail

Reply to:

Follow-Ups:
- Re: down to the core
  - From: Daniel Pittman <daniel@rimspace.net>

References:
- Re: down to the core
  - From: Jorge Armando Medina <jmedina@calcom.com.mx>

Prev by Date: Re: down to the core
Next by Date: Re: down to the core
Previous by thread: Re: down to the core
Next by thread: Re: down to the core
Index(es):
- Date
- Thread