Once upon a time, Slade Watkins <sl...@sladewatkins.com> said:
> goes without saying but… old versions of the kernel are certainly way more
> prone to these attacks and 100% shouldn’t be included on hardware meant to
> be connected to the internet. (let alone send that connection to other
> devices and otherwise manage the network…)

The kernel is generally not a security issue on most of these devices;
there haven't been many remotely-exploitable kernel vulnerabilities over
time (at most, they're typically denial-of-service type attacks).  I
wouldn't really worry too much about just an old kernel version.

The security issues with embedded/IoT type things tend to be more in the
vendor software, often something that was slapped together with no
thought to security and never well maintained.  They have debugging
passwords accidentally left enabled, poor input processing, etc., and
they often run everything as root, losing the key protections of a
Unix/Linux environment (so there's no need for kernel security holes to
gain privilege).

Often, when the vendors do any security updates, they'll do just the
minimum needed (which does make sense, since it's also the least likely
to break devices that can be difficult or impossible to recover from an
update failure).  If the kernel doesn't have any known and exploitable
security issues, it'll be left as-is.

So, an old kernel version can indicate unmaintained software, or it can
also indicate conservative update practices.  Unfortunately, the first
case is much more likely.

-- 
Chris Adams <li...@cmadams.net>
_______________________________________________
users mailing list -- users@lists.fedoraproject.org