Dag Wieers wrote:
On Mon, 11 Feb 2008, Ross S. W. Walker wrote:
Dag Wieers wrote:
On Mon, 11 Feb 2008, jarmo wrote:
Of course there's a way, get vanilla kernel 2.6.24.2 and use old config, compile it and run. I've done it.
And *poof* you lost all support or reproducibility that people crave when using CentOS or RHEL.
So yes, it is a possibility, but probably unlikely when people have chosen CentOS or RHEL. And especially for those systems that are considered production (or important) and that are the most vulnerable you may not want to do this. (Or maybe instead you need to!)
Yes, true, but say you are running a shell account system and want to know it isn't vulnerable, can't wait until upstream provides a fix and don't want to run some possibly flaky work-around patch, what then?
I think one needs to weigh the consequences in these scenarios instead of saying it should be all one way or the other.
Then I would opt to patch the latest Red Hat kernel with e.g. the Debian patch rather than running a 2.6.24.2 kernel that may have numerous yet-unknown compatibility problems with parts of the system that interact with the kernel. And I would make an RPM out of it that upgrades smoothly to the next CentOS release.
Problem with Debian patch is it may conflict with some of the RH backports, but if it works why not submit it to CentOS team for testing as I hear the RH current workaround has issues with GPFs.
If it works then maybe a "FastTrack" kernel could be put out on CentOS?
Easiest way for me would be to adapt a FC8 kernel package to C5 then try to play with a back-ported patch from a third-party system into an already heavily patched kernel.
But then again, this would be advice for a minority and not something I would recommend to everyone on this list.
I personally run my systems behind the firewall, but I suppose anybody who has CentOS/RHEL 5 that is Internet facing would worry a little bit more.
I wonder if any existing user-land utilities have hooks into vmsplice that may be able to be accessed via PHP, Perl, or CGI?
-Ross