On Wed, Dec 07, 2011 at 07:33:37AM +0100, Stefan Seyfried wrote: ...
If it is obscure, seldom used stuff: why not? I do, for example, never load the AX25 and ROSE drivers (even though I have a license to use the equipment they talk to). Why not? Because I don't need them. So there were quite some Kernel updates in the past I could safely skip because they fixed security bugs in those protocols.
Actually you shouldn't have skipped them, because these protocols are autoloadable by regular users and the exploits. (You just need to create a socket with AF_ROSE or AF_AX25 to load them.)

So the root exploits in those modules worked because the kernel was (and I think still is) autoloading network modules on demand.

All in all it is less "fear of the unknown" but a call for application of the "Principle of least privilege" ( http://en.wikipedia.org/wiki/Principle_of_least_privilege ).

For what it is worth, the 504 resolved kernel bugs in my buglist were handled competently by kernel developers and I guess the future ones will too. It just would have been way better if those bugs had never been there.

Ciao, Marcus
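As an added example that is not part of the original mail: a small audit of modprobe.d-style configuration that reports whether on-demand loading of the modules named above (ax25, rose) has been switched off. The function names, the sample directory and its config lines are constructed for illustration; on a real system the directory to check would be /etc/modprobe.d.

```shell
#!/bin/sh
# Added example: does modprobe configuration stop on-demand loading
# of a protocol module such as ax25 or rose?

# autoload_status MODULE DIR
# Prints one of: install-blocked | blacklisted | autoloadable
autoload_status() {
    # modprobe treats '-' and '_' in module names as the same character.
    cat "$2"/*.conf 2>/dev/null | awk -v want="$1" '
        function norm(s) { gsub(/-/, "_", s); return s }
        BEGIN { want = norm(want); state = "autoloadable" }
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        # "install MOD /bin/false" replaces every load attempt,
        # whether it arrives by alias (net-pf-N) or by module name.
        $1 == "install" && norm($2) == want && $3 ~ /^\/bin\/(false|true)$/ {
            state = "install-blocked"
        }
        # "blacklist MOD" only hides the module own aliases, so the
        # kernel socket-triggered request fails, but an explicit
        # "modprobe MOD" by root still loads it.
        $1 == "blacklist" && norm($2) == want && state == "autoloadable" {
            state = "blacklisted"
        }
        END { print state }'
}

# Constructed sample configuration (hypothetical file names).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'install ax25 /bin/false' > "$d/hamradio.conf"
    printf '%s\n' 'blacklist rose' > "$d/blacklist.conf"
    echo "$d"
}

# netrom is left unconfigured in the sample to show the default state.
report() {
    for m in ax25 rose netrom; do
        printf '%-8s %s\n' "$m" "$(autoload_status "$m" "$1")"
    done
}

sample=$(make_sample_dir) && report "$sample" && rm -rf "$sample"
```

A module reported as autoloadable can still be pulled in by any local user who opens a socket of that address family, which is the situation the reply describes.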