2.4 Fast Release Should not be Unusual
Posted Jan 9, 2004 1:59 UTC (Fri) by AnswerGuy (subscriber, #1256)
Parent article: Kernel release status
"Unusually, Marcelo deferred the patches in the 2.4.24 prepatches and released a kernel containing only the mremap() and RTC security fixes and a couple of other small repairs."
That's the way it should be. I think he should be publicly lauded for this just as I publicly lambasted him for failing to take this approach in the past.
Security fixes should take precedence; should be as immediate as they can be correctly tested, and should include minimal other changes. These allow the maximum number of potentially vulnerable sites to secure themselves in the minimum time frame with minimal risk.
Do we need to draw a picture to drive this point home?
In the future we're likely to see more "flash attack" worms. Fully automated scripts that exploit a sequence of vulnerabilities in ubiquitous Linux software (the kernel, ssh, etc.) to spread as widely as possible on "zero day." We're also certain to see more aggressive "day one" activity (script kiddies and crackers who know of a vulnerability unleashing their attacks as soon as they hear that a given vulnerability or string of vulnerabilities has been patched).
These are inevitable consequences of systems that can be securely, reliably and automatically updated. It's evitable as Linux becomes dramatically more widespread.