harden-* conflict with bad kernels?


The harden-localflaws package conflicts with some kernel-image packages
(needs to be updated for the <2.4.23 vulnerability) in order to ensure
that they are removed.  However, this can result in an unbootable system
if they are inadvertently removed, and furthermore, does not solve the
immediate problem of an insecure kernel in memory.  (The vulnerability
is not removed until the machine is rebooted with a new kernel.)

Would it be a better idea, instead of removing the bad kernel package
through a Conflicts:, to scan the system for bad kernel packages from
postinst on install and each update, and tell the admin about them so
he can take manual action?

Ryan Underwood, <nemesis@icequake.net>
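
One way the postinst scan proposed above could look, as an added example that is not part of the original message or of the harden packages: it reports bad kernel packages and removes nothing. The `kernel-image-2.4.N` name pattern, the function names and the sample package list are assumptions constructed for illustration, and only the version embedded in the package name is compared.

```shell
#!/bin/sh
# Added example: advisory scan a postinst could run instead of a Conflicts:.
# Assumption: "bad" means a 2.4.x kernel-image package below 2.4.FIXED_PATCH,
# judged only by the version embedded in the package name.
FIXED_PATCH=23

# Reads "package status" lines on stdin, in the format produced by
#   dpkg-query -W -f='${Package} ${Status}\n' 'kernel-image-*'
# and prints each fully installed package named kernel-image-2.4.N with N < 23.
find_bad_kernels() {
    while read -r pkg status; do
        case "$status" in
            "install ok installed") ;;
            *) continue ;;          # removed or half-configured: skip
        esac
        case "$pkg" in
            kernel-image-2.4.[0-9]*) ;;
            *) continue ;;          # other series or metapackage: skip
        esac
        patch=${pkg#kernel-image-2.4.}   # e.g. "18-1-686"
        patch=${patch%%[!0-9]*}          # keep leading digits: "18"
        if [ "$patch" -lt "$FIXED_PATCH" ]; then
            echo "$pkg"
        fi
    done
}

# Warns the admin about bad kernels; always returns 0 so the install proceeds.
warn_admin() {
    bad=$(find_bad_kernels)
    [ -n "$bad" ] || return 0
    echo "WARNING: kernel packages older than 2.4.$FIXED_PATCH are installed:"
    echo "$bad" | sed 's/^/  /'
    echo "Running kernel is $(uname -r); it stays in memory until reboot."
    echo "No package has been removed. Please review and act manually."
    return 0
}

# Constructed sample input (not taken from a real system).
SAMPLE='kernel-image-2.4.18-1-686 install ok installed
kernel-image-2.4.22-1-k7 install ok installed
kernel-image-2.4.23-1-686 install ok installed
kernel-image-2.4.20-3-386 deinstall ok config-files
kernel-image-2.6.0-1-686 install ok installed'

# A real postinst would pipe the dpkg-query command above into warn_admin.
printf '%s\n' "$SAMPLE" | warn_admin
```
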

