Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release

To: debian-security@lists.debian.org
Subject: Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
From: Jan Lühr <jluehr@gmx.net>
Date: Thu, 13 Jan 2005 10:53:40 +0100
Message-id: <[🔎] 200501131053.40770.jluehr@gmx.net>
In-reply-to: <[🔎] 41E63A0A.4040904@publicityweb.com>
References: <[🔎] 200501121745.43535.jluehr@gmx.net> <[🔎] 200501122210.23676.jluehr@gmx.net> <[🔎] 41E63A0A.4040904@publicityweb.com>

Greetings,

Am Donnerstag, 13. Januar 2005 10:06 schrieb Christophe Chisogne:
> Jan Lühr a écrit :
> > Do you recommend to use kernel-source-2.4.27 from sid (sarge) instead of
> > 2.4.18 from woody?
>
> On a production server, I would run 2.4, not 2.6. 

m2

> And as Debian security 
> support seems better now for the 2.4.27 kernel, I would choose it.
> It include fixes backported from kernel.org 2.4.28, even 2.4.29-rc1

Thanks.

> Ex CAN-2004-1235 (uselib) is fixed since 2.4.29-rc1 at kernel.org
>     and will be fixed soon by upcoming (Debian) kernel-source-2.4.27-8
>     (and kernel-image-2.4.27-xyz build from it)

Sounds good. Will kernel-source-2.4.27 be available in days or weeks? 

> Or you can pick any kernel you want from kernel.org and build one
> yourself, either the traditional (make config; make dep...)
> or the Debian way (make config; make-kpkg -- via kernel-package).
> With the latter (debian), you obtain a debian package for your
> custom kernel. But that mean you become the local kernel/security
> maintainer. You can avoid this burden by simply using
> Debian kernel packages released by the kernel and security teams.

Well, running an rc-/pre-release on a production server is quite risky. Btw. 
AFAIK kernel.org  recommend not using their kernels, because they give no 
security support.

> > Is all information available
>
> For my basic needs on this, I often use Google and the 2 links belows
>
> For infos about fixes in "Debian" 2.4.27 kernels, read changelogs in
> kernel-source-2.4.27 package, by example -- by ex near end of
> http://packages.debian.org/unstable/devel/kernel-source-2.4.27
>
> For infos about fixes in "kernel.org" 2.4 kernels, read changelogs
> and changesets on the kernel.org homepage

Thanks. Using kernel-source.2.4.24 from seems to be a good option.
Can the openwall / grsecurity patches be applied to kernel-source-2.4.27?

Keep smiling
yanosz

Reply to:

Follow-Ups:
- Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
  - From: Christophe Chisogne <christophe@publicityweb.com>
- Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
  - From: Adrian von Bidder <avbidder@fortytwo.ch>

References:
- CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
  - From: Jan Lühr <jluehr@gmx.net>
- Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
  - From: Jan Lühr <jluehr@gmx.net>
- Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
  - From: Christophe Chisogne <christophe@publicityweb.com>

Prev by Date: Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Next by Date: Security - avarage user point of view
Previous by thread: Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Next by thread: Re: CAN-2005-0001, CAN-2004-1235, CAN-2004-1137, CAN-2004-1016, Georgi Guninski security advisory #72, 2004, grsecurity 2.1.0 release
Index(es):
- Date
- Thread