[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: A place to start

To: Tom Vogt <tom@lemuria.org>
Subject: Re: A place to start
From: James Bourne <jbourne@affinity-systems.ab.ca>
Date: Sun, 11 Jun 2000 11:34:21 -0600 (MDT)
cc: kernel-audit@nl.linux.org
In-Reply-To: <20000611095523.E19971@lemuria.org>
Sender: owner-kernel-audit@nl.linux.org

On Sun, 11 Jun 2000, Tom Vogt wrote:

> "Bechtolsheim, Stephan" <sbechtol@chi.navtech.com> wrote:
> > 1. Use the newest kernel
> 
> this means keeping up with changes. of which there's quite a lot between
> Linux kernels releases.
> 
> the other alternative is freezing it. choose one specific kernel and audit
> that.

But freezing it means a problem can slip into a newer kernel which is
possibly going to be more widely used then the one we audit.

Keeping up with changes isn't as hard as it sounds I would think.  For
example, if the block device drivers were audited once, then it would only
mean looking at the relevent changes of those drivers for new problems which
are introduced.  Also, monitoring what is going through linux-kernel will
keep an edge on what is coming up...  

Just my 2 bits, not trying to say it's an easy task by no means.

Regards,
Jim

-- 
James Bourne                  | Email:  jbourne@affinity-systems.ab.ca
Affinity Systems Inc.         | WWW: http://www.affinity-systems.ab.ca
Everything Linux              | Linux:  The choice of a GNU generation
----------------------------------------------------------------------
Unix System Administration, System programming, Network Administration

Kernel-audit:  discussion list for security and the linux kernel
Archive:       http://mail.nl.linux.org/kernel-audit/

References:
- Re: A place to start
  - From: Tom Vogt <tom@lemuria.org>

Prev by Date: Re: A place to start
Next by Date: Re: Starting point
Prev by thread: Re: A place to start
Next by thread: Re: A place to start
Index(es):
- Date
- Thread