Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Greetings,
Am Donnerstag, 13. Januar 2005 10:06 schrieb Christophe Chisogne:
> Jan Lühr a écrit :
> > Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of
> > 2.4.18 from woody?
>
> On a production server, I would run 2.4, not 2.6.
m2
> And as Debian security
> support seems better now for the 2.4.27 kernel, I would choose it.
> It include fixes backported from kernel.org 2.4.28, even 2.4.29-rc1
Thanks.
> Ex CAN-2004-1235 (uselib) is fixed since 2.4.29-rc1 at kernel.org
> and will be fixed soon by upcoming (Debian) kernel-source-2.4.27-8
> (and kernel-image-2.4.27-xyz build from it)
Sounds good. Will kernel-source-2.4.27 be available in days or weeks?
> Or you can pick any kernel you want from kernel.org and build one
> yourself, either the traditional (make config; make dep...)
> or the Debian way (make config; make-kpkg -- via kernel-package).
> With the latter (debian), you obtain a debian package for your
> custom kernel. But that mean you become the local kernel/security
> maintainer. You can avoid this burden by simply using
> Debian kernel packages released by the kernel and security teams.
Well, running an rc-/pre-release on a production server is quite risky. Btw.
AFAIK kernel.org recommend not using their kernels, because they give no
security support.
> > Is all information available
>
> For my basic needs on this, I often use Google and the 2 links belows
>
> For infos about fixes in "Debian" 2.4.27 kernels, read changelogs in
> kernel-source-2.4.27 package, by example -- by ex near end of
> http://packages.debian.org/unstable/devel/kernel-source-2.4.27
>
> For infos about fixes in "kernel.org" 2.4 kernels, read changelogs
> and changesets on the kernel.org homepage
Thanks. Using kernel-source.2.4.24 from seems to be a good option.
Can the openwall / grsecurity patches be applied to kernel-source-2.4.27?
Keep smiling
yanosz
Reply to:
- Follow-Ups:
- Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
- From: Christophe Chisogne <christophe@publicityweb.com>
- Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
- From: Adrian von Bidder <avbidder@fortytwo.ch>
- References:
- CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
- From: Jan Lühr <jluehr@gmx.net>
- Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
- From: Jan Lühr <jluehr@gmx.net>
- Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
- From: Christophe Chisogne <christophe@publicityweb.com>
- Prev by Date:
Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
- Next by Date:
Security - avarage user point of view
- Previous by thread:
Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
- Next by thread:
Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
- Index(es):