*********** REPLY SEPARATOR ***********
On 12.08.2003 at 23:20 Adam Majer wrote: >On Thu, Aug 07, 2003 at 07:03:13PM +0200, Thijs Welman wrote: >> Hi, >> >> Thanks. I forgot to mantion that i am subscribed to >> debian-security-announce as well (ofcourse ;)). As far as the kernel >> updates are concerned: i use my own kernel. At this moment that's 2.4.21 >> with Alan Cox' patches (ac4). Could be there's an exploit in that >> kernelversion. Maybe i should consider to go back to a >> debian-packagekernel... >> >> Anyone any comment on or experience with debian vs custom kernels? > >Generally if there is a kernel exploit, it is only used to get >root from some other account. The way they get in is though some >server app with a hole in it (known or not known). > <snip> This is why my personal favourite it the former trusted debian project, now kown as http://www.adamantix.org. Take a look at their site, they offer RSBAC, PaX, all the goodies for the Kernel AND: They recompile all packages to be buffer overflow proof and as secure as possible. Mixing with standard debian packages is not recommended of course, but so far I haven't encountered any problems. Nearly everything is there if You don't require X anyway. regards Martin
