Security updates for old Red Hat releases

Posted Nov 20, 2003 11:58 UTC (Thu) by maceto (guest, #16498)
In reply to: Security updates for old Red Hat releases by simlo
Parent article: Security updates for old Red Hat releases

Eh, Debian can run for as long as your hardware goes. You only do apt-get update and apt-get upgrade to get the fixes, then when a new version comes out you do an apt-get dist-upgrade.

So you don't wanna change kernel, use SE-Linux or LIDS then, and lock it down totally; should help you a lot, at least for some time.


SE-Linux

Posted Nov 20, 2003 12:27 UTC (Thu) by simlo (subscriber, #10866)

> So you don't wanna change kernel, use SE-Linux or LIDS then

From the very little I know about SE-Linux I still think I can conclude the following:

Even with SE-Linux you will have to upgrade the kernel if a bug is found. I can see no way a system can lock down your access if the system itself is buggy (see X-box, for instance). You might live with the bug if it, for instance, gives users root permissions, as SE then might catch it. But buffer overflows in the kernel itself can still be used to get arbitrary code executed in the kernel, thus avoiding SE as well as normal permission checks. And DoS attacks have of course nothing to do with SE or not.

On the other hand you can better live with bugs in userspace applications like sshd and Apache as the SE system might be able to catch the problems.

Conclusion: Kernel updates are still needed. But you might be able to relax a bit about other updates.

Again, I don't know so much about SE but I don't believe in magic :-)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds