public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-dev] Kernel 2.4.20
@ 2003-08-05 14:08 Philippe Lafoucrière
  2003-08-05 18:25 ` Chris Gianelloni
  0 siblings, 1 reply; 7+ messages in thread
From: Philippe Lafoucrière @ 2003-08-05 14:08 UTC (permalink / raw
  To: Gentoo-dev

Hi all,

The stable kernel in portage is currently 2.4.20-r5, but the current
"stable" kernel is 2.4.21. And if you look a this :

http://www.securityfocus.com/archive/1/330888

There is an exploit in kernels < 2.4.21. We definitely should upgrade
our kernel version.

--
Phil.


--
gentoo-dev@gentoo.org mailing list


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-dev] Kernel 2.4.20
  2003-08-05 14:08 [gentoo-dev] Kernel 2.4.20 Philippe Lafoucrière
@ 2003-08-05 18:25 ` Chris Gianelloni
  2003-08-05 19:11   ` Philippe Lafoucrière
  0 siblings, 1 reply; 7+ messages in thread
From: Chris Gianelloni @ 2003-08-05 18:25 UTC (permalink / raw
  To: lafou; +Cc: Gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 1169 bytes --]

On Tue, 2003-08-05 at 10:08, Philippe Lafoucrière wrote:
> Hi all,
> 
> The stable kernel in portage is currently 2.4.20-r5, but the current
> "stable" kernel is 2.4.21. And if you look a this :
> 
> http://www.securityfocus.com/archive/1/330888
> 
> There is an exploit in kernels < 2.4.21. We definitely should upgrade
> our kernel version.

Simply emerge vanilla-sources, pfeifer-sources, gs-sources, or any
number of other non-2.4.20 sources in portage.

The problem with 2.4.20 is only in netfilter code which isn't required. 
We are aware of the bug in the 2.4.20 kernel and are diligently working
on a solution.  There is currently a "beta" gentoo-sources, by the way
of pfeifer-sources, available.  Unfortunately, the gentoo-sources is a
VERY complex beast consisting of multiple patches which all have to be
ported to a new kernel version and regression tested to ensure there is
no breakage.  If you are concerned about the security of your system,
you should use a kernel other than gentoo-sources on any
Internet-accessible machines or not enable this feature of the netfilter
code.

-- 
Chris Gianelloni
Developer, Gentoo Linux

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-dev] Kernel 2.4.20
  2003-08-05 18:25 ` Chris Gianelloni
@ 2003-08-05 19:11   ` Philippe Lafoucrière
  2003-08-05 19:43     ` Chris Gianelloni
  0 siblings, 1 reply; 7+ messages in thread
From: Philippe Lafoucrière @ 2003-08-05 19:11 UTC (permalink / raw
  To: Chris Gianelloni; +Cc: Gentoo-dev


> Simply emerge vanilla-sources, pfeifer-sources, gs-sources, or any
> number of other non-2.4.20 sources in portage.
> 
> The problem with 2.4.20 is only in netfilter code which isn't required. 
> We are aware of the bug in the 2.4.20 kernel and are diligently working
> on a solution.  There is currently a "beta" gentoo-sources, by the way
> of pfeifer-sources, available.  Unfortunately, the gentoo-sources is a
> VERY complex beast consisting of multiple patches which all have to be
> ported to a new kernel version and regression tested to ensure there is
> no breakage.  If you are concerned about the security of your system,
> you should use a kernel other than gentoo-sources on any
> Internet-accessible machines or not enable this feature of the netfilter
> code.


Chris,

I have some free time in the next weeks, maybe I can help you with the kernel ebuilds 
if you need. 

--
Phil.


--
gentoo-dev@gentoo.org mailing list


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-dev] Kernel 2.4.20
  2003-08-05 19:11   ` Philippe Lafoucrière
@ 2003-08-05 19:43     ` Chris Gianelloni
  2003-08-05 20:27       ` George Shapovalov
  0 siblings, 1 reply; 7+ messages in thread
From: Chris Gianelloni @ 2003-08-05 19:43 UTC (permalink / raw
  To: lafou; +Cc: Gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 535 bytes --]

On Tue, 2003-08-05 at 15:11, Philippe Lafoucrière wrote:
> Chris,
> 
> I have some free time in the next weeks, maybe I can help you with the kernel ebuilds 
> if you need. 

Thank you for the offer, but I am not on the x86-kernel team and have no
desire to work on the Gentoo kernels.  There are already plenty of
"fixed" kernels in the portage tree which require no work.  I would
suggest anyone concerned about this denial of service exploit to use one
of those kernels.

-- 
Chris Gianelloni
Developer, Gentoo Linux

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-dev] Kernel 2.4.20
  2003-08-05 19:43     ` Chris Gianelloni
@ 2003-08-05 20:27       ` George Shapovalov
  2003-08-06 14:48         ` Philippe Lafoucrière
  0 siblings, 1 reply; 7+ messages in thread
From: George Shapovalov @ 2003-08-05 20:27 UTC (permalink / raw
  To: Chris Gianelloni, lafou; +Cc: Gentoo-dev

I am sure Chris did not mean to turn your offer down. Any help is certainly 
welcome! However you might want to try more "official" channels.
Pop in onto irc.freenode.net, #gentoo, ask seemant or avenj for whom you 
should contact in this regard, or if you know any kernel devs (check 
corresponding ChangeLogs for example), try to reach those people directly..
Searching bugzilla for the relevant stuff migt help as well..
(The main point is, you need to contact the right people, and there are 
certainly ways to find who they are :). Oh, btw, I am not on kernel team 
either).

George


On Tuesday 05 August 2003 12:43, Chris Gianelloni wrote:
> On Tue, 2003-08-05 at 15:11, Philippe Lafoucrière wrote:
> > Chris,
> >
> > I have some free time in the next weeks, maybe I can help you with the
> > kernel ebuilds if you need.
>
> Thank you for the offer, but I am not on the x86-kernel team and have no
> desire to work on the Gentoo kernels.  There are already plenty of
> "fixed" kernels in the portage tree which require no work.  I would
> suggest anyone concerned about this denial of service exploit to use one
> of those kernels.



--
gentoo-dev@gentoo.org mailing list


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-dev] Kernel 2.4.20
  2003-08-05 20:27       ` George Shapovalov
@ 2003-08-06 14:48         ` Philippe Lafoucrière
  2003-08-06 16:02           ` Chris Gianelloni
  0 siblings, 1 reply; 7+ messages in thread
From: Philippe Lafoucrière @ 2003-08-06 14:48 UTC (permalink / raw
  To: George Shapovalov; +Cc: Chris Gianelloni, Gentoo-dev

On Tue, 2003-08-05 at 22:27, George Shapovalov wrote:
> I am sure Chris did not mean to turn your offer down. Any help is certainly 
> welcome! However you might want to try more "official" channels.
> Pop in onto irc.freenode.net, #gentoo, ask seemant or avenj for whom you 
> should contact in this regard, or if you know any kernel devs (check 
> corresponding ChangeLogs for example), try to reach those people directly..
> Searching bugzilla for the relevant stuff migt help as well..
> (The main point is, you need to contact the right people, and there are 
> certainly ways to find who they are :). Oh, btw, I am not on kernel team 
> either).


do you have their email address ? I can't find them on #gentoo, and I don't have voice in 
#gentoo-dev

thx

--
gravis


--
gentoo-dev@gentoo.org mailing list


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-dev] Kernel 2.4.20
  2003-08-06 14:48         ` Philippe Lafoucrière
@ 2003-08-06 16:02           ` Chris Gianelloni
  0 siblings, 0 replies; 7+ messages in thread
From: Chris Gianelloni @ 2003-08-06 16:02 UTC (permalink / raw
  To: lafou; +Cc: George Shapovalov, Gentoo-dev

[-- Attachment #1: Type: text/plain, Size: 466 bytes --]

On Wed, 2003-08-06 at 10:48, Philippe Lafoucrière wrote:
> do you have their email address ? I can't find them on #gentoo, and I don't have voice in 
> #gentoo-dev

You don't need voice to message someone.  You can always send them a
private message.  seemant's email is seemant@gentoo.org and avenj's
email is avenj@gentoo.org

You could also try emailing x86-kernel@gentoo.org to get to the kernel
team.

-- 
Chris Gianelloni
Developer, Gentoo Linux

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2003-08-06 16:15 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2003-08-05 14:08 [gentoo-dev] Kernel 2.4.20 Philippe Lafoucrière
2003-08-05 18:25 ` Chris Gianelloni
2003-08-05 19:11   ` Philippe Lafoucrière
2003-08-05 19:43     ` Chris Gianelloni
2003-08-05 20:27       ` George Shapovalov
2003-08-06 14:48         ` Philippe Lafoucrière
2003-08-06 16:02           ` Chris Gianelloni

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox