Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Moss-covered Tortoise' 2.0.40 Linux Kernel

Posted by timothy on from the slow-and-steady-wins-the-race dept.

An anonymous reader writes "KernelTrap reports that David Weinehall has released the 2.0.40 stable Linux kernel, calling it the "Moss-covered Tortoise". It earned this name by being released over 3 years after its predecessor, 2.0.39. Those still using the 2.0 kernel are recommended to upgrade for numerous reasons, including fixes to local exploits and remote information leaks. View the changelog and download the new kernel from a kernel.org mirror."

10 of 19 comments (clear)

  1. Re:hahaha by rjw57 · · Score: 2, Funny

    Damn you sir! Your carefully constructed criticism is the key reason Microsoft needs to tell users considering of switching. You sir have just killed this entire 'Open Source' thing -- unless we can send in the guys with black helecopters to take out /. first.

    --
    Rich
  2. They took it! by Anonymous Coward · · Score: 5, Funny

    "Moss-covered tortoise"? They borrowed my nickname for my beloved 386 SX-16 !

    1. Re:They took it! by Creepy+Crawler · · Score: 2, Funny

      No no.. That would be "Rigor Mortis Tortoise"

      --
  3. I'm not dead yet! by Ayanami+Rei · · Score: 2, Interesting

    That's awesome.

    FYI: The local root exploits were fixed in various .40-pre patches, but they hadn't actually released a new stable version... not until after that interview a few days ago... :-)

    Way to give it a kick in the ass!

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  4. Re:local root by IshanCaspian · · Score: 2, Informative

    The older kernels aren't really useful for most things we associate linux with...if you need a stripped-down kernel for an embedded device, local root holes don't matter.

    --

    But there is another kind of evil that we must fear most... and that is the indifference of good men.
  5. Re:local root by tao · · Score: 5, Informative

    Well, I released patch-2.0.40-pre1 (the first pre-patch for the 2.0.40-kernel) very soon after I first got to know about the exploit (in 2001), so no, I don't feel particularly guilty about this. People who still use 2.0-kernels for their machines shouldn't use them for multi-user purposes in a hostile environment (and firewall them _very_ carefully if they dare to connect them to the Internet), something I have stated publicly several times.

    Of course I still include fixes for this kind of bugs when I get reports about them, but I won't rush a new 2.0-kernel when a new exploit surfaces, just a new pre-patch with the fix. If I had a broad user-base that could test every pre-patch thoroughly and provide me with feedback, the situation might've been different.

    Regards: David Weinehall

  6. Hey that's nothing... by stefanlasiewski · · Score: 2, Interesting

    Ha, that's nothing.

    This guy is still maintining the Linux 0.02 branch, and STILL hasn't released an update in over 13 years!

    --
    "Can of worms? The can is open... the worms are everywhere."
  7. 2.0 can still have its uses by mnmn · · Score: 4, Informative

    For machines with little RAM and extremely slow CPUs, this kernel kicks ass. If it can work beautifully on a 386-sx with 256MB hdd and 4MB Ram, (even 2mb if you push it), you can have embedded devices with slightly more ram using this kernel. If people can fit a tiny distro say on 64MB flash and let it run on 4MB ram, there are ARM MCUs with 4MB on board which you can gang up with 64MB flash and you'll have a linux box you can put in your ear.

    All of a sudden QNX has another competition. Who knows the next Spirit or Opportunity might run Linux (although I'd strongly recommend them to use IBM microdrive and use kernel 2.4).

    --
    "Give orange me give eat orange me eat orange give me eat orange give me you." -Nim Chimpsky
  8. Advantages of 2.0 over 2.2? by jensend · · Score: 3, Interesting

    I'm just curious- why would one want to use 2.0 over 2.2? I understand the reasons one might want to use a kernel from before the 2.4 series on lower end or embedded devices (I installed a 2.2 kernel on a 486 laptop not all that long ago)- but I've been under the impression that 2.2 offered a lot of gains over 2.0 without being noticeably "heavier". For what things is the 2.0 kernel series more suitable than 2.2, and why?

  9. Re:local root by tao · · Score: 3, Informative

    The reason I recommend people not to use 2.0 in a hostile multi-user environment, is because the feedback I receive for every new release (or pre-release) of 2.0 is virtually non-existing; I think the record feedback for a release is somewhere in the vicinity of 10 users. Furthermore, no large distribution runs the 2.0-kernel any longer, thus no active auditing takes place.

    Also, since any large code-rewrites is out of the question for the 2.0-series, so some things are not fixable at all.

    I never said the 2.0-series has got a lot of exploits that's known to me; all known exploits are, to the best of my knowledge, fixed in 2.0.40. And I never said I didn't bother to fix them (read my post again!) I just said I won't bother rushing out a new release (as in a 2.0.41, 2.0.42, ...) if a new exploit is discovered, I only release a new pre-patch.

    Regards: David Weinehall