Re: what's your Debian uptime?

[Lisi Reisz <lisi.reisz@gmail.com>]

On Thursday 18 April 2013 14:33:51 green wrote:
> Darac Marjal wrote at 2013-04-18 04:05 -0500:
> > On Wed, Apr 17, 2013 at 10:43:27PM +0200, Hans-J. Ullrich wrote:
> > > Security issues, which affect modules, but not the kernel itself, may
> > > not cause the need of a new kernel. When people lik me and others on
> > > this list, are using a very small kernel, with minimalistic modules,
> > > and the security issues affect modules, which are not built nor
> > > installed, then there is no need, to install a new kernel.
> >
> > Out of curiosity, where is the evidence for this FUD that people are
> > coming up with that the kernel core CANNOT have a security issue?
>
> I think that what Hans wrote above is ambiguous, I assume Hans meant
> "[Those] security issues which affect modules…"

It is as you say ambiguous.  I took him to mean "Security issues do not affect 
the kernel (ever), so security updates can never be required for a bare 
kernel.  They are only required if they affect the particular modules which 
are compiled on that kernel."

And I had a job not being ambiguous myself.  I hope that I have succeeded.

I am very ignorant about kernels and was interested to learn that the kernel 
itself has no security problems; especially as I thought that there had been 
an exploit a couple of years ago, which necessitated temporarily shutting the 
site down.

Having just Googled, I find the info on that exploit ambiguous too as to the 
risk to the core of the kernel.  So I am still none the wiser. :-(

Lisi