[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: what's your Debian uptime?

On Wed, Apr 17, 2013 at 10:43:27PM +0200, Hans-J. Ullrich wrote:
> It is interesting. Whenever I someone is telling of big uptime, the arguiment 
> is: 
> 2. Security issues
> But a kernel can stay very, verry long time. On machines, where you do not 
> change hard or software  (i.e. new filesystems like btrfs), an old kernel will 
> work perfectly.
> Security issues, which affect modules, but not the kernel itself, may not cause 
> the need of a new kernel. When people lik me and others on this list, are 
> using a very small kernel, with minimalistic modules, and the security issues 
> affect modules, which are not built nor installed, then there is no need, to 
> install a new kernel.

Out of curiosity, where is the evidence for this FUD that people are
coming up with that the kernel core CANNOT have a security issue?
Presumably, the argument is that if I do "make allno" and install that
kernel, then there is NO CONCEIVABLE exploit in that code?

> So it is wrong to conclude and to say: Hey, your uptime is high, this 
> concludes to an unsecure host due to an old kernel. To say so, is a big 
> mistake! 
> Just to clear things. :)
> Anyway, let's have fun at hacking.

Attachment: signature.asc
Description: Digital signature

Reply to: