[GRLUG] Smoothwall

Tim Schmidt timschmidt at gmail.com
Sat Jan 21 23:58:48 EST 2006


On 1/21/06, Raymond McLaughlin <driveray at ameritech.net> wrote:
> Regrettably kernel security holes have been discovered in the last 689 days.
> (Please don't make me look one up.) And a reboot is required to implement a new,
> patched, kernel. Consequently any linux machine up that long must be vulnerable.
> At least so it seems to me.

That depends...  if the kernel is compiled with very many options
disabled (as is smoothwall) it will be much less likely that a given
security vulnerability applies to it.  Vendor kernels are generally
compiled with almost every option on for increased compatibility.

Also, kernels compiled with certain patches, compiler options, or even
different versions of the same compiler may not necessarily be
vulnerable.  For instance, Gentoo kernels have been reported not
susceptible to several of the last 20 or so kernel vulns.

Not to mention the kexec code which lets you jump into another kernel
instance from a running kernel.

--tim
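The point in the reply above about kernels built with many options disabled can be checked mechanically. This is an added example, not part of the original message: the advisory ids and their mapping to config symbols are hypothetical placeholders, and the `.config` fragment is constructed.

```python
import re

# Constructed sample: fragment of a stripped-down kernel .config.
SAMPLE_CONFIG = """\
CONFIG_NET=y
CONFIG_INET=y
CONFIG_NETFILTER=y
# CONFIG_BT is not set
CONFIG_NFSD=m
"""

# Hypothetical advisories (placeholder ids) mapped to the config symbols
# that must ALL be enabled for the affected code to exist in the kernel.
SAMPLE_ADVISORIES = {
    "ADVISORY-PLACEHOLDER-1": ["CONFIG_BT"],
    "ADVISORY-PLACEHOLDER-2": ["CONFIG_INET", "CONFIG_NETFILTER"],
    "ADVISORY-PLACEHOLDER-3": ["CONFIG_NFSD"],
    "ADVISORY-PLACEHOLDER-4": ["CONFIG_INET", "CONFIG_IP_SCTP"],
}

_SET = re.compile(r"^(CONFIG_\w+)=(.*)$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set$")

def parse_kconfig(text):
    """Return {symbol: 'y' | 'm' | 'n' | literal value} from .config text."""
    state = {}
    for line in text.splitlines():
        if m := _SET.match(line.strip()):
            state[m.group(1)] = m.group(2)
        elif m := _UNSET.match(line.strip()):
            state[m.group(1)] = "n"
    return state

def triage(config, advisories):
    """Classify each advisory as 'built-in', 'module' or 'not-compiled'."""
    result = {}
    for adv, symbols in advisories.items():
        values = [config.get(s, "n") for s in symbols]  # absent symbol = off
        if "n" in values:
            result[adv] = "not-compiled"
        elif "m" in values:
            result[adv] = "module"  # present only once the module is loaded
        else:
            result[adv] = "built-in"
    return result

if __name__ == "__main__":
    for adv, status in triage(parse_kconfig(SAMPLE_CONFIG), SAMPLE_ADVISORIES).items():
        print(f"{adv}: {status}")
```

A "not-compiled" result only rules out bugs confined to that optional code; flaws in core kernel code still require a patched kernel to be booted.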

