Hi Eric.... Eric Romang wrote:
Hello,
Thxs for your answers :) But I think, this is security related ... You receive an email from SuSE talking about kernel security hole, and with all the instruction to install an new kernel RPM ...
So far it definitely is security related.
When I have install my RPM kernel on my SuSE 7.2, the quota support and IPV6, and Tunneling was inside the kernel ... But when I do this
I cannot verify this but if I remember right I always had to build my own kernel to enable quota support - so I have a feeling that the default kernels shipped with SuSE never had quota support compiled i in by default. Maybe this has changed withthe 2.4.* series, anyone verify? I am not using 2.4.* kernels in production systems yet so sorry for my ignorance.
update, SuSE say's nothing about consequence ..., I loose all my configuration, and also security configuration ... This is a security hole on how SuSE has communicate about this kernel update... This is a security hole on system where was good configured, but today not more...
There are numerous HOWTOs and READMEs about kernel installation, kernel compilation and lilo configuration. Alot of people put alot of effort into explaining every little detail about these processes. As a system administrator you MUST read this information or you will not be able to accomplish the necessary tasks to keep a machine up to date AND secure. Accusing the SuSE staff of opening security holes on your machine by announcing a kernel vulnerabilityx is - mildly spoken - ignorant. If you had read some necessary information about the process of upgrading kernels you would know that it is no mystery at all to keep an old kernel as a backup and configure lilo accordingly to be able to boot any out of 2 or more kernels. This way you can test a new kernel without any risk. Yes, developers have actually thought about this! And they have documented it. And SuSE documents it too! But I am sorry, you cannot expect from SuSE to explain the whole process of how to install, configure and employ a new kernel with every security announcement - since (again) this is not the proper forum for such things.
But, thxs for your help. Just one other question, can I downgrade my kernel with the 2.4.4-4 and that all my modules will be on more time OK, or should install
If you have the old kernel still around I see no problem with it. But dont expect me to explain the process ( because I do not want to quote another HOWTO ).
a complete server... think on the end user how receive a email with a security advisory every time... Linux gonna loose his customers if he don't care about all the dependencies of a system, and also don^'t explain correctly all the consequence on all the end users...
*grin* Fortunatly Linux is not a company and has no reason to be afraid of loosing customers. If you mean SuSE as a company selling a Linux based distribution - now that's a different story. I am sure (and SuSE has proven it over time) that they care about their customers. If you compare SuSE's effort (website, mailinglists, support service, installation support, etc......) being not a multi billion dollar corporation with the effort of a company like Microsoft you will soon realize that SuSE actually DOES care about their customers. Of course not everything is perfect and people make mistakes. We all do. But at SuSE I can recoginze their intention to do as good a job as possible given the available resources. One last word about the term 'end user': in my opinion an end user should not have to worry at all about an operation system - he should be busy doing his/her work and the OS should provide a stable base for this task. If the 'end user' happens to be a 'system administrator' he/she is expected to have some technical understanding of the involved techology (which can be time consuming - right) and just for this reason SuSE IMHO is NOT supposed to explain every detail of very COMMON tasks when they issue a security announcement. In fact, I am happy they only stick to the absolutely necessary information. We all dont want to piles of useless info - like this rant ;-)
Regards.
Eric
Regards, Erwin [... previous quotes deleted ....]