Kernel 2.4.26 Out
StupidKatz writes "Fresh from the oven, the fine folks at kernel.org have released 2.4.26, filled with such yummy goodness as fixes for those damnable mmap() vulns, among other things. Remember to use your favorite mirror!"
Servers at work for example all run 2.4.x. It will be hell to unleash 2.6.x just like that.
And 2.4 works great - why break something that works fine? We haven't run into any issues whatsoever.
On my Debian box, I run 2.6 but users aren't depending on it to work without issues.
Stability. Not every Linux installation is on some geek's desk; some applications and installations require absolute stability, or as close as you can get, and that means nothing but bug fixes. 2.6 might be called the stable branch, but it's relatively untested compared to 2.4. Other than that, give me one good reason to move my 486 to 2.6.
"I use a Mac because I'm just better than you are."
2.6 is a lot bigger than 2.4, so if you are running on a slow computer, or perhaps a low-memory computer built into something (fridge or car?) you might want to use 2.4 or maybe 2.2.
And we've always got the really conservative "in my days the kernel was 200 Kb of sourcecode"-people.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
There are a few things that aren't quite up to speed in 2.6, such as my nforce2 drivers.
That said, the whole idea of numbering system for linux kernels is that a user/company can keep using known stable kernels until they are comfortable/able to switch to the next kernel set.
There are still businesses out there running 2.2 and 2.0, from what I read on slashdot.
Cogito ergo sum in Slashdot.
Philippe Troin is one of many who cross-checked the CAN list. Here are the relevant fixes in 2.4.26.
Okay... This is the result of a cursory check, do your homework folks!
The R128 DRI bounds checking bug is a potential local root exploit.
According to this patch 2.4.26 contains the fix.
The isofs bug. It is locally exploitable iff you have hardware access or if you can induce someone to mount a compromised medium.
The ext3 information leak. It cannot lead to any exploit and has only the tiniest chances of giving an attacker any usable information.
The SoundBlaster Denial of Service.
But no, no mremap issues...
</KARMA>
If you set up a static mapping on your firewall on the right port, it works much better.
chris@xanadu:~$ whatis /.
/.: nothing appropriate.
give me one good reason to move my 486 to 2.6
Cause it'll run like a 586!
My P133 thanks me every morning for giving it a 2.6 kernel.
The 2.6 kernel is quite a bit faster if stuff like performance matters to you. Think back to when you had a 2.2 kernel on there, why'd you upgrade to 2.4 again?
Excuse me?
kernel-image-2.6-386 - Linux kernel image for version 2.6 on 386.
kernel-image-2.6-686 - Linux kernel image for version 2.6 on PPro/Celeron/PII/PIII/PIV.
kernel-image-2.6-686-smp - Linux kernel image for version 2.6 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.6-k7 - Linux kernel image for version 2.6 on AMD K7.
kernel-image-2.6-k7-smp - Linux kernel image for version 2.6 on AMD K7 SMP.
kernel-image-2.6.3-1-386 - Linux kernel image for version 2.6.3 on 386.
kernel-image-2.6.3-1-686 - Linux kernel image for version 2.6.3 on PPro/Celeron/PII/PIII/PIV.
kernel-image-2.6.3-1-686-smp - Linux kernel image for version 2.6.3 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.6.3-1-k7 - Linux kernel image for version 2.6.3 on AMD K7.
kernel-image-2.6.3-1-k7-smp - Linux kernel image for version 2.6.3 on AMD K7 SMP.
kernel-image-2.6.4-1-386 - Linux kernel image for version 2.6.4 on 386.
kernel-image-2.6.4-1-686 - Linux kernel image for version 2.6.4 on PPro/Celeron/PII/PIII/PIV.
kernel-image-2.6.4-1-686-smp - Linux kernel image for version 2.6.4 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.6.4-1-k7 - Linux kernel image for version 2.6.4 on AMD K7.
kernel-image-2.6.4-1-k7-smp - Linux kernel image for version 2.6.4 on AMD K7 SMP.
kernel-image-2.6.5-1-386 - Linux kernel image for version 2.6.5 on 386.
kernel-image-2.6.5-1-686 - Linux kernel image for version 2.6.5 on PPro/Celeron/PII/PIII/PIV.
kernel-image-2.6.5-1-686-smp - Linux kernel image for version 2.6.5 on PPro/Celeron/PII/PIII/PIV SMP.
kernel-image-2.6.5-1-k7 - Linux kernel image for version 2.6.5 on AMD K7.
kernel-image-2.6.5-1-k7-smp - Linux kernel image for version 2.6.5 on AMD K7 SMP.
kernel-tree-2.6.3 - Linux kernel tree for building prepackaged Debian kernel images
kernel-tree-2.6.4 - Linux kernel tree for building prepackaged Debian kernel images
kernel-tree-2.6.5 - Linux kernel tree for building prepackaged Debian kernel images
kernel-image-2.6.4 - Linux kernel binary image for version 2.6.4.
kernel-image-2.6.1 - Linux kernel binary image for version 2.6.1.
kernel-image-2.6.3 - Linux kernel binary image for version 2.6.3.
Have you looked at 2.6-tiny?
http://www.selenic.com/tiny/
"The aim of this tree is to collect patches that reduce kernel disk and memory footprint as well as tools for working on small systems. Target users are things like embedded systems, small or legacy desktop folks, and handhelds."
I changed it up a bit ... the essence is the same though.
A Few Good Admins
"Admin: You want news?"
"User: I think I'm entitled to it."
"Admin: You want news?"
"User: I want news for nerds. I want stuff that matters!"
"Admin: Son, we live in a world that has firewalls. And those firewalls have to be guarded by admins with stable kernels. Who's gonna do it? You? You, Mr. "MCSE"? I have a greater responsibility than you can possibly fathom. You weep for Microsoft and you curse Open Source. You have that luxury. You have the luxury of not knowing what I know: that this 2.6 kernel release, while tragically dull to you, probably saved lives. And my existence, while grotesque and incomprehensible to you, saves lives...You don't want the stuff that matters.
We use words like redundancy, fault tolerance, high availability, secure shells...we use these words as the backbone to a life spent defending something. You use 'em as a punchline. I have neither the time nor the inclination to explain myself to a man who logons to my Network and surfs the Internet under the blanket of the very security I provide, then questions the manner in which I provide it! I'd rather you just said thank you and went on your way. Otherwise, I suggest you pick up a stack of O'Reilly Books and build your own Network. Either way, I don't give a damn what you think you're entitled to!"
'NFS: Make sure that fsync() flushes all pending file data to disk. The current call to nfs_wb_file() will fail to flush out mmapped() dirty pages.'
What a day! The kernel upgrade released with DSA 479-1 was broken. Ext3 filesystems unmountable as it would appear the kernel module was missing from the initrd file (my guess, but seems logical). Quarter of an hour after I figured out that kernel-image-2.4.18-1-686_2.4.18-13_i386.deb was 1.1MB and obviously wrong I got another email from Martin Schulze announcing DSA 479-2. A quick check indicates it's a more reasonable size at 8.3MB.
Some egg on Debian's face today :( Their updates go so smoothly normally that it's easy to become complacent and not do things with enough process.
Lessons:
1) Patch a test system first if you have access to one
2) Make sure your boot loader will boot from the old kernel after upgrading
3) Have a boot disk handy
4) Debate whether you can wait a few days before patching or whether the security liability is too high.
It's a parody of a well-known courtroom scene from "A Few Good Men" -- the first few lines were used extensively in the ads for the movie, and if you actually saw the movie or play the longer part of the dialog would probably ring a bell as well.
IMDB (and probably a few million other sites) has the original version in their memorable quotes section for the movie version. Look for "Col Jessep" -- that's the character being parodied as "CmdrTaco" in the parent post.
A marriage is always made up of two people who are prepared to swear that only the other one snores.
As to point #2 if you install your kernel correctly in your /boot there is no need to overwrite previous kernels. Simply rename bzImage to something like kernel-2.x.yz and you're set.
In fact I have 2.4.22 up to 2.4.26 in my /boot. All of them work [if I really wanted to I could boot 2.4.22 and use it just fine].
Sure I "waste" a bit of space in /lib/modules for all five kernels [it's 35M total btw] but I have some peace of mind that if the latest and greatest kernel is bunk I can revert trivially by rebooting ;-)
Tom
Someday, I'll have a real sig.
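An added example, not part of any comment in this thread: a shell check for lesson 2 above and for the keep-every-kernel-in-/boot approach from the reply. It assumes a legacy GRUB config and images named kernel-<version>; the function names and the demo layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes legacy GRUB syntax, images
# named <prefix>-<version> (e.g. kernel-2.4.26), modules in <dir>/<version>.

# list_kernels GRUB_CONF: print the image path from every "kernel" line.
list_kernels() {
    awk '$1 == "kernel" { print $2 }' "$1"
}

# check_fallback GRUB_CONF BOOT_DIR MODULES_DIR
# Reports each entry; succeeds only if at least two entries are usable,
# i.e. a previous kernel is still bootable if the new one fails.
check_fallback() {
    conf=$1 boot=$2 mods=$3 usable=0
    for path in $(list_kernels "$conf"); do
        name=${path##*/}      # drop "(hd0,0)/" or "/boot/" prefix
        ver=${name#*-}        # kernel-2.4.26 -> 2.4.26
        if [ ! -s "$boot/$name" ]; then
            echo "MISSING image   $name"
        elif [ ! -d "$mods/$ver" ]; then
            echo "MISSING modules $name"
        else
            echo "OK              $name"
            usable=$((usable + 1))
        fi
    done
    echo "usable entries: $usable"
    [ "$usable" -ge 2 ]
}

# demo: run the check on a constructed layout (two good entries, one stale).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/boot" "$d/modules/2.4.26" "$d/modules/2.4.25"
    echo image > "$d/boot/kernel-2.4.26"
    echo image > "$d/boot/kernel-2.4.25"
    printf '%s\n' 'default 0' \
        'title new'   '  kernel /kernel-2.4.26 root=/dev/hda3' \
        'title old'   '  kernel (hd0,0)/kernel-2.4.25 root=/dev/hda3' \
        'title stale' '  kernel /kernel-2.4.24 root=/dev/hda3' > "$d/grub.conf"
    check_fallback "$d/grub.conf" "$d/boot" "$d/modules"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# With three arguments check the real system, otherwise run the demo.
if [ "$#" -eq 3 ]; then check_fallback "$@"; else demo; fi
```

Run it before rebooting into a freshly installed kernel, passing the GRUB config, the boot directory and the modules directory; a non-zero exit means there is no second usable entry to fall back on.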
For those who don't like 1000 line changelogs, here are the changes that Marcelo specifically mentioned on his -pre and -rc lkml postings:
- Run Your own Linux Server on The Latest and Greatest 2.4 or 2.6 Kernel
That is not the system time. uname -a gives you a timestamp that shows when the currently running kernel was compiled.
You clearly haven't spent much time reading the linux kernel mailing list.
Kernel development is actually remarkably unpolitical. That list is dominated by technical discussion not politics. I'm not saying that politics doesn't come up (especially just after Linus started using bitkeeper :-) but for the most part it's an extremely technical forum - as it should be.
Linux may not be on the top of the heap, but it's climbing it, not falling back. I'd suggest that that is an indication that the speed of development is just fine.
The isofs patch applies properly on 2.6.4. On 2.4.25, it mostly worked, but I had to add the "#include <asm/page.h>" line manually.
I had isofs compiled as a module, so I just did a "make modules" in the kernel source directory, copied the new isofs.o (or .ko) file into the proper place under /lib/modules, then did "rmmod isofs" and "modprobe isofs".
This took about a minute on each system and didn't result in any downtime. So if you have a kernel source tree lying around with isofs as a module, it's an easy fix. And there's no need for major regression testing since only one module's affected. The R128 patch looks equally trivial, but I don't use that module. I can't find any info (or patch) for the SoundBlaster DoS, but it sounds less serious.
It's not hard at all. Well, no harder than upgrading to a newer 2.4. I just upgraded to 2.6.x the other day, and it was easy. Just check to make sure everything you need is enabled in the config, and that's all you have to worry about.
I suppose it depends on your distro tho...I'm a Gentoo user, so I don't know how it's different on another distro.
FYI, on Gentoo it went something like:
$ su
# emerge -v gentoo-dev-sources
# cd /usr/src
# rm -f linux
# ln -s linux-2.6.5-gentoo linux
# genkernel all --xconfig
(insert configuration here)
# nano -w /boot/grub/grub.conf
(insert bootloader editing here)
Btw, the new Qt-based xconfig rules. I remember hating the old xconfig (and actually preferring menuconfig), but qconf is great.
I support the Center for Consumer Freedom