Re: [cobalt-security] Open letter to SUN/Cobalt
- Subject: Re: [cobalt-security] Open letter to SUN/Cobalt
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Thu, 3 May 2001 10:48:06 +0200
- Organization: Forumworld.com
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Joshua,
> I'm assuming the sysctl() one was fine with C24 (I never looked at it
> personally).
Me neither. I know that my RaQ3 with the 2.2.14 kernel is vulnerable, but
after reading some negative feedback here about applying the RaQ4-C24 kernel
on the RaQ3 I would rather like something which Cobalt approves for use
on a RaQ3.
> The problem with the ptrace race condition was this: when the exploit
> was first found and patched, it was around 2.2.19pre9 or so... that took
> care of the exploit going around, but then it was found that the kernel
> patch only closed the window on the race condition rather than
> eliminating it completely.
Yes, I've seen it in my old 2.2.18 and 2.2.16 kernels on my Linux boxes at
home. Also on one of the earlier 2.2.19pre's a while ago when that one was
still hip.
> What I'm getting at is what's in C24 is like 2.2.19pre9 (with regard to
> the exploit), and C25 has what was done for 2.2.19 final.
Very good! That's what I wanted to know. Thanks a million for jumping in,
Joshua.
On a completely different topic, not even directly related to security issues.
But maybe you know something about this and are willing to share your
insights:
So far the extended-2 filesystem is commonly used on the Cobalt RaQs. While
this is certainly not a problem, there are also other very interesting file
systems which can and will enhance data integrity even in worst case
scenarios.
ReiserFS is one of them (had only good experiences with it so far) and just
recently SGI released the journaling XFS filesystem as open source. XFS will
most likely be integrated in future 2.4.X kernels in most major distributions
due to its good reputation and the kind of features it offers.
Of course there is next to no reasonable way to switch existing RaQs from
ext2 to ReiserFS or even XFS.
However, how about future products? Can you imagine that either Sun or Cobalt
will eventually offer some entry level servers with a good journaling file
system in the closer future? Personally I think that would be most
interesting and a good sales argument.
--
Best regards
Michael Stauber