[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Kernel upgrades = security upgrades - a possible solution?

Quoting Marcin Owsiany (porridge@pandora.info.bielsko.pl):
> On Wed, Sep 29, 1999 at 05:24:54PM +0300, Martin Fluch wrote:
> > On Wed, 29 Sep 1999, Marcin Owsiany wrote:
> > 
> > > I guess this kind of kernel packages would be for people quite concerned
> > > about security but also quite lazy :)
> > 
> > I guess, this is mutual exclusive. People which are lazy will leave many
> > (and I think also bigger) security holes some where else on the system, so
> > that it won't matter, if you keep your kernel that much secure...
> well, yes you are right.
> :)
> I guess i didn't really think of it before writing :(
> > > Also if you administer a lot of boxes, and if they work ok with the default
> > > kernel you will find it _a lot_ more convenient to automatically upgrade
> > > kernel than to compile it for each box...
> > 
> > Ever considerd the package 'kernel-package'. This makes out of any kernel
> > source debian packages, which then can be installed with dpkg, apt-get or
> > what ever ... 
> sure, since i had discovered it, i've never made a kernel without using it.
> But still you have to make the kernel, and if you compile it, you can't
> resist tweaking it to each particular system's needs, can you? :)

But this is where modules can help you. I have several machines that
need slightly different configurations because they have different
built-in sound mobos. I compile the kernel on one of them but with all
the modules I need. Then I fine tune /etc/modules for soundcard, ppa,
joystick etc.

But I think that the separation of kernel and distribution is a valuable
property of linux and should be preserved at all costs. Otherwise there
is the temptation to introduce subtle dependencies between them, which
increases complexity and decreases robustness.

On a slightly different but related tack, now that NT is an
Intel-only OS, how long before Intel architecture specific code
creeps into the kernel. How hard will it be to extract those
dependencies when transferring it to a new platform.


Email:  d.wright@open.ac.uk   Tel: +44 1908 653 739  Fax: +44 1908 655 151
Snail:  David Wright, Earth Science Dept., Milton Keynes, England, MK7 6AA
Disclaimer:   These addresses are only for reaching me, and do not signify
official stationery. Views expressed here are either my own or plagiarised.

Reply to: