[H-GEN] Use of Vanilla kernels in Linux
rbrockway at opentrend.net
Sat Jan 29 14:19:12 EST 2005
Well I'd say this is a persuasive argument on whether to use vanilla Linux
2.6 kernels or not. The short answer: don't.
Robert Brockway B.Sc. email: robert at timetraveller.org, rbrockway at uqconnect.net
Linux counter project ID #16440 (http://counter.li.org)
"They that can give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety." -- Benjamin Franklin
---------- Forwarded message ----------
Date: Thu, 13 Jan 2005 15:36:33 +0000
From: Alan Cox <alan at lxorguk.ukuu.org.uk>
To: grendel at caudium.net
Cc: Dave Jones <davej at redhat.com>, Linus Torvalds <torvalds at osdl.org>,
Marcelo Tosatti <marcelo.tosatti at cyclades.com>, Greg KH <greg at kroah.com>,
Chris Wright <chrisw at osdl.org>, akpm at osdl.org,
Linux Kernel Mailing List <linux-kernel at vger.kernel.org>
Subject: Re: thoughts on kernel security issues
Given that base 2.6 kernels are shipped by Linus with known unfixed
security holes anyone trying to use them really should be doing some
careful thinking. In truth no 2.6 released kernel is suitable for
anything but beta testing until you add a few patches anyway.
2.6.9 for example went out with known holes and broken AX.25 (known)
2.6.10 went out with the known holes mostly fixed but memory corrupting
bugs, AX.25 still broken and the wrong fix applied for the smb holes so
SMB doesn't work on it
I still think the 2.6 model works well because its making very good
progress and then others are doing testing and quality management on it.
Linus is doing the stuff he is good at and other people are doing the
stuff he doesn't.
That change of model changes the security model too however.
More information about the General