[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: My machine was hacked - possibly via sshd?

On martedì 29 marzo 2005, alle 00:34, Adam M. wrote:
> >But 2.4.18 is the Debian stable kernel, which gets security updates
> >and patches, no?
> No, it doesn't. I really think that packages like this old kernel should
> be removed from the mirrors, or at least updated with big fat warning.

Sorry, but this isn't correct.
kernel 2.4.18-1 in woody is patched against known vulnerability.

You may take a look on the latest update of it:


Recent vulnerability involve code not present in this release of kernel.
This is one of the main reason because security team doesn't want a new
release of kernel in the stable distribution.

> Anyway, the kernel in woody are not up to date. You *have to* roll your
> own kernel. At this time you should use the latest 2.4.x kernel, or
> 2.6.x if you need to. If you don't roll your own kernels, at least for
> machines with remote access, then all local users can get root.

Of course, roll its own kernel, is a good practice, but only if the
admin know what to do. And of course a lot of other "practice" have to
be take.

Static kernel, prevent lkm. Grsecurity patch help a lot. ecc.

But pourpose of kernel in stable isn't to be "the best choice in any
case", just a reasonable default kernel.

Then, of course YMMV, and a good admin have daily work to do
("security-out-of-the-box" is a buzz word, security is a process, not a
product) to accomplish well his job.

All of this, IMHO, obviously.

My 0.2 cents.

Principal Snyder: "This is great!  Let's do donuts in the football field."
	--Buffy the Vampire Slayer: Band Candy

Reply to: