[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: New kernel (Was: [cobalt-security] SUN don't care about securityupdate ?)

Subject: RE: New kernel (Was: [cobalt-security] SUN don't care about securityupdate ?)
From: Paul Jacobs <paul@xxxxxxxxxxxxxxxxxx>
Date: Sat, 23 Mar 2002 19:02:35 -0800
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

At 04:49 PM 3/21/2002, you wrote:

> That is good to here, but will the upgrade path be easy ( a
> patch) or hard
> (a system reload) ?
>
> And when will it be available to download, and not screw up the box when
> you install...???

Paul you need to read Bruce's answer again he didn't say there would be an
upgrade he said that the next product and all future products will be based
on the 2.4 kernel.  In other words look closely at Tim Hockins stuff on 2.4
for the RaQ4 (I know a guy who is running 2.4.13, and converted the /home
and /var partitions to ext3 so it can be done but don't expect SunCobalt to
do it as you will gather from the thread the RaQ4 will become obsolete in
time and will suffer the same fate as the RaQ2 and RaQ3


I will have a look see.

> >Our next product, and all future products on the roadmap, will be based
> >on a 2.4.x kernel.

I think the most we should and deserve to hope for is for the features in
the manual to work on the product.


Yes, and do they all work?

Bruce remember the 2001 Worldwide - I was promised that the backup facility
was going to be fixed and back ported to the RaQ3 and RaQ4 and maybe even
the RaQ2 and Qube2..!

>From a security point of view I know of at least one company that can root
any cobalt when needed if a customer forgets their password. They have been
able to do it for just over a year (in fact they had a party to celebrate
the anniversary of telling Cobalt)  They even have an internal web page to
allow them to do it easily on their own network I stress.

The php vulnerability in the XTR and Qube3 needs to be fixed quickly as well
as reported Vulnerabilities in the XTR Admin GUI.

and I saw on this list that there is also a zlib vulnerability as well.

I know individuals within SunCobalt bust a gut to get stuff done its the Sun
people up above who don't give the priorities that are to blame - at the end
of the day engineers usually want to fix stuff if its broke and code new
features when done.

my 2 cents having seen the inside and the outside.

Gavin

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security


Paul Jacobs /Senior Network Eng.
Yourwebcentral.com
"Host ANY website "
http://www.yourwebcentral.com
mailto:paul@xxxxxxxxxxxxxxxxxx

References:
- Re: New kernel (Was: [cobalt-security] SUN don't care about securityupdate ?)
  - From: Paul Jacobs
- RE: New kernel (Was: [cobalt-security] SUN don't care about securityupdate ?)
  - From: Gavin Nelmes-Crocker

Prev by Date: [cobalt-security] webserver down
Next by Date: Re: [cobalt-security] too many files open?
Previous by thread: RE: New kernel (Was: [cobalt-security] SUN don't care about securityupdate ?)
Next by thread: Re: New kernel (Was: [cobalt-security] SUN don't care aboutsecurityupdate ?)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index