'Moss-covered Tortoise' 2.0.40 Linux Kernel

← Back to Stories (view on slashdot.org)

'Moss-covered Tortoise' 2.0.40 Linux Kernel

Posted by timothy on Sunday February 8, 2004 @06:27AM from the slow-and-steady-wins-the-race dept.

An anonymous reader writes "KernelTrap reports that David Weinehall has released the 2.0.40 stable Linux kernel, calling it the "Moss-covered Tortoise". It earned this name by being released over 3 years after its predecessor, 2.0.39. Those still using the 2.0 kernel are recommended to upgrade for numerous reasons, including fixes to local exploits and remote information leaks. View the changelog and download the new kernel from a kernel.org mirror."

4 of 19 comments (clear)

Min score:

Reason:

Sort:

Re:local root by IshanCaspian · 2004-02-08 07:07 · Score: 2, Informative

The older kernels aren't really useful for most things we associate linux with...if you need a stripped-down kernel for an embedded device, local root holes don't matter.

--

But there is another kind of evil that we must fear most... and that is the indifference of good men.
Re:local root by tao · 2004-02-08 07:54 · Score: 5, Informative

Well, I released patch-2.0.40-pre1 (the first pre-patch for the 2.0.40-kernel) very soon after I first got to know about the exploit (in 2001), so no, I don't feel particularly guilty about this. People who still use 2.0-kernels for their machines shouldn't use them for multi-user purposes in a hostile environment (and firewall them _very_ carefully if they dare to connect them to the Internet), something I have stated publicly several times.

Of course I still include fixes for this kind of bugs when I get reports about them, but I won't rush a new 2.0-kernel when a new exploit surfaces, just a new pre-patch with the fix. If I had a broad user-base that could test every pre-patch thoroughly and provide me with feedback, the situation might've been different.

Regards: David Weinehall
2.0 can still have its uses by mnmn · 2004-02-08 11:38 · Score: 4, Informative

For machines with little RAM and extremely slow CPUs, this kernel kicks ass. If it can work beautifully on a 386-sx with 256MB hdd and 4MB Ram, (even 2mb if you push it), you can have embedded devices with slightly more ram using this kernel. If people can fit a tiny distro say on 64MB flash and let it run on 4MB ram, there are ARM MCUs with 4MB on board which you can gang up with 64MB flash and you'll have a linux box you can put in your ear.

All of a sudden QNX has another competition. Who knows the next Spirit or Opportunity might run Linux (although I'd strongly recommend them to use IBM microdrive and use kernel 2.4).

--
"Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
Re:local root by tao · 2004-02-09 04:40 · Score: 3, Informative

The reason I recommend people not to use 2.0 in a hostile multi-user environment, is because the feedback I receive for every new release (or pre-release) of 2.0 is virtually non-existing; I think the record feedback for a release is somewhere in the vicinity of 10 users. Furthermore, no large distribution runs the 2.0-kernel any longer, thus no active auditing takes place.

Also, since any large code-rewrites is out of the question for the 2.0-series, so some things are not fixable at all.

I never said the 2.0-series has got a lot of exploits that's known to me; all known exploits are, to the best of my knowledge, fixed in 2.0.40. And I never said I didn't bother to fix them (read my post again!) I just said I won't bother rushing out a new release (as in a 2.0.41, 2.0.42, ...) if a new exploit is discovered, I only release a new pre-patch.

Regards: David Weinehall