Message-ID: <40F3C073.9050402@gmx.de>
Date: Tue, 13 Jul 2004 12:58:59 +0200
From: Phil Schulz
To: Mark
cc: freebsd-questions@freebsd.org
In-Reply-To: <200407131018.I6DAIASL045534@asarian-host.net>
Subject: Re: Is it safe to keep /kernel.old?

[Please wrap your lines]

Mark wrote:
[...]
> My question is, though, is it safe to keep /kernel.old?
[...]
> I am not sure whether users could actually use the old kernel (once in
> multi-user mode). Still, I wonder if this concern is valid at all. Or
> whether I should perhaps get rid of the old kernel.

Mark,

I'd say there is no problem in keeping the old kernel around. Even if
you had to apply a security patch to the current kernel.
After applying the patch, re-compiling and installing the new kernel,
/kernel.old would indeed contain the old security hole. However, as long
as nobody can boot that old kernel, no harm can be done. If an attacker
is actually able to boot your old vulnerable kernel, then he won't need
to exploit the security hole anymore :-)

Phil.