Re: Serious local root exploit in linux kernel

On Mon, Feb 11, 2008 at 10:52:57AM -0500, Kamaraju S Kusumanchi wrote:
> I am wondering what would be a good way to keep abreast of these kinds of
> serious vulnerabilities. How did you come to know of this information? Is
> there any mailing list that I could subscribe to? Or is there a better
> alternative?

Well, I've found that by the time a confirmed fix is agreed to on
mailing lists, there's a fixed kernel available from
security.debian.org.  So, I subscribe to the security announce list and
then do an upgrade as soon as it is announced.  

The really scary part is the frequency of security updates to both the
kernel and iceweasel.  It reinforces the idea that the security of a box
is the lesser of the security of:
	1.	the networks to which it is connected
	2.	the users
	3.	the administrator
	4.	the physical box.

Therefore, the most secure box in relation to the user is one without
network connection, which is only operated by the administrator who is
also guarding it 24/7.  Anything less than this, and the user has to
trust somebody as much or more than themselves.

For 1 and 2, I trust security.debian


