Date: Tue, 13 Jul 2004 12:58:59 +0200 From: Phil Schulz <ph.schulz@gmx.de> To: Mark <admin@asarian-host.net> Cc: freebsd-questions@freebsd.org Subject: Re: Is it safe to keep /kernel.old? Message-ID: <40F3C073.9050402@gmx.de> In-Reply-To: <200407131018.I6DAIASL045534@asarian-host.net> References: <200407131018.I6DAIASL045534@asarian-host.net>
next in thread | previous in thread | raw e-mail | index | archive | help
[Please wrap your lines] Mark wrote: [...] > My question is, though, is it safe to keep /kernel.old? [...] > I am not sure whether users could actually use the old kernel (once in > multi-user mode). Still, I wonder if this concern is valid at all. Or > whether I should perhaps get rid of the old kernel. Mark, I'd say there is no problem in keeping the old kernel around. Even if you had to apply a security patch to the current kernel. After applying the patch, re-compiling and installing the new kernel, /kernel.old would indeed contain the old security hole. However, as long as nobody can boot that old kernel, no harm can be done. If an attacker is actually able to boot your old vulnerable kernel, then he won't need to exploit the security whole anymore :-) Phil.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?40F3C073.9050402>