RH Kernel Vulnurability

David A. Sinck plug-discuss@lists.plug.phoenix.az.us
Mon, 18 Nov 2002 15:25:58 -0700


\_ SMTP quoth Michael Havens on 11/18/2002 15:25 as having spake thusly:
\_
\_ When should this kenel update be on red-carpet? I downloadsed kernel 
\_ 2.4.18-18.7 and opened it and it says I have a dependency. Or should I really 
\_ worry about it seeing as I'm one person?

Yes.

If someone compromises your machine and needs to reboot to complete
the install, they can DOS your box, you'll happily reboot it probably,
and presto.... 

It's obviously more critical for unattended remote boxes (eg: colo'd
boxes), but you can still be owned in your own home.

It's a balance between paranoia and usefulness.  You pick your balance
point and deal with the consequences, one way or the other.

David