Re: [DSA 479-2] New Linux 2.4.18 packages fix local root exploit (i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thursday 15 April 2004 11.56, Tim Nicholas wrote:
> On 04/15/04 20:05, Michelle Konzack wrote:
> > Question: What about the Bootfloppies ?
> If I recall correctly it is assumed that users will not run on the
> boot floppy kernels after the initial system installation. They are
> expected to install a more appropriate kernel after finishing the
> install.
But who tells them? IIRC the woody installer does run dselect/tasksel at
the end, but both don't install a new kernel by default. Worse, the
install kernel is not contained in a package, so even update from
security.d.o won't install a newer kernel.
> As such there will be no patch for the boot floppy kernel.
I guess the main problem is that building the boot floppies is [said to
be] a very ugly piece of work.
cheers
- -- vbi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: get my key from http://fortytwo.ch/gpg/92082481
iKcEARECAGcFAkB+cOFgGmh0dHA6Ly9mb3J0eXR3by5jaC9sZWdhbC9ncGcvZW1h
aWwuMjAwMjA4MjI/dmVyc2lvbj0xLjUmbWQ1c3VtPTVkZmY4NjhkMTE4NDMyNzYw
NzFiMjVlYjcwMDZkYTNlAAoJECqqZti935l61FwAn0unNuIETyOtcJUcWY7P/IwS
KcHSAJ9wH2J0TrjK2epJow9j2nW9ilNHLA==
=eZCu
-----END PGP SIGNATURE-----
Reply to: