[TriLUG] oldest production linux box
Mike M
linux-support at earthlink.net
Fri Mar 5 12:33:29 EST 2004
On Thu, Mar 04, 2004 at 08:05:28PM -0500, Jeremy Portzer wrote:
> > I am guessing that keeping a sub 2.2 kernel based system up to date is
> > similar to maintaining a Gentoo system.
>
> Um, not really. Gentoo doesn't really require you to figure out
> dependencies and run configure and make commands yourself... it's all
> predetermined by the Gentoo developers in the "ebuild" files. Trying to
> maintain a seriously old system would require a LOT of custom compiling,
> patching, and even coding. Much more difficult than Gentoo.
Gentoo is higher on the food chain than I thought it was. Then, how
about Linux From Scratch - would using a sub 2.2 kernel safely be a
LFS project?
http://lfs.130th.net/lfs/whatislfs.html
...which in no way mitigates your admonishment that maintaining "a
seriously old system would require a LOT of custom compiling,
patching, and even coding."
It's that last part about coding that most concerns me. I do not know if
OpenSSL or OpenSSH tests against older kernels. There is no way that I
would trust
myself to backport a security app to an older kernel. In fact, that
might be my acid test - the oldest kernel I would consider using is the
oldest kernel supported by OpenSSH.
A quick scan of the Portable OpenSSH website did not yield information on what
was the lowest Linux kernel it would work with.
http://www.openssh.com/portable.html
Here's a hint that kernel 2.0 is working with OpenSSH despite a little
problem with privilege separation:
http://lists.debian.org/debian-bsd/2003/debian-bsd-200304/msg00006.html
Here's the 2.0.40 Change Log. It even contains some humor. The
relevant bit from 2.0.40-rc8 is this:
o Correct AF_UNIX fd-passing (Michael Deutschmann)
semantics to match what OpenSSH
expects
http://kernel.org/pub/linux/kernel/v2.0/ChangeLog-2.0.40
Well...it might be possible to make a secure machine using 2.0.40 kernel
and linuxfromscratch techniques, but this approach makes using xBSD look
like a cakewalk :).
--
Mike
When the correction first comes, we tend to underreact. While we do not
like the surprise, we tend to think of it as maybe a one-time thing.
Things, we believe, will soon get back to normal. We do not scale back
our expectations sufficiently. It apparently takes years for this to
work itself out. - John Mauldin