WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
 
   
 

xen-users

Re: [Xen-users] patch for vanilla kernel

On Wed, Feb 27, 2008 at 03:04:50PM +0100, Stephan Seitz wrote:
> 
> >>>>then you need to be using kernels that aren't 18 months out of date.
> >>Humm... SQL Injections don't have any issue with kernels and the PHP fails
> >>normally runs with low level privileges on system, it could... but it's not
> >>likely to hit the kernel without huge efforts.
> >
> >wtf? There are thousands of crappy php scripts out there that can be 
> >tricked into running arbitrary code ... add any one of the privilege 
> >escalation vulnerabilities and the attacker can escalate "arbitrary 
> >code" into "root access".
> 
> Indeed, we all have to keep our systems secure, but this doesn't necessarily
> mean that we need to keep the latest bleeding-edge kernel version running.
> 
> I agree with you, that it IS possible to escalate privileges even with dumb
> php scripts, but I disagree that newer kernel versions are the best way to
> fix those issues.
> 
> btw. I also found xensource's 2.6.18.8-xen *much* more stable than any
> xenified kernel on 32bit as well as on 64bit.
> 

Yes, 2.6.18 based Xen (Xenlinux) kernels are the most stable at the moment, 
and support all the features Xen has. 

Xen (pvops) support found in 2.6.2x kernels is far from complete.. at the
moment it lacks at least:
        - dom0 support
        - 64b support
        - live migration
        - testing and stability

So it basically only works for PV domU. 

This is going to change hopefully soon when Red Hat guys finish the pvops
dom0 and x86-64 support.. and get it integrated into mainline Linux kernels. 

> for newer drivers a backport is always possible.
> 

Yes, Red Hat and Novell are doing exactly this. They're backporting driver
fixes/patches and even features to 2.6.18 or 2.6.16 kernels. 

-- Pasi
