Slashdot Mirror
Kernel 2.4.26 Out
StupidKatz writes "Fresh from the oven, the fine folks at kernel.org have released 2.4.26, filled with such yummy goodness as fixes for those damnable mmap() vulns, among other things. Remember to use your favorite mirror!"
← Back to Stories (view on slashdot.org)
Linux trying to match up Microsoft's security releases? +P
-------
FM Clan
mmmhmmm, i cant wait to get my lil hanies on this one... too bad im on a lousy 56k while my ISP restructures... arrgh
Safe Journeys Space Fan, Where Ever You Are
When are they going to start using bittorrent to start distributing these things?
Two days after I upgrade to 2.6.5. Wonderful.
Never in a million years would I have guessed it was gay.
Dude, you downloaded the Mac version. You need to be sure to get linux-2.4.6.exe.
Servers at work for example all run 2.4.x. It will be hell to unleash 2.6.x just like that.
And 2.4 works great - why break something that works fine? We haven't run into any issues whatsoever.
On my Debian box, I run 2.6 but users aren't depending on it to work without issues.
Stability. Not every linux installation is on some geeks desk, some applications and installations require absolute stability, or as close as you can get, that means nothing but bug fixes. 2.6 might be called the stable branch, but its relatively untested compared to 2.4. Other then that, give me one good reason to move my 486 to 2.6.
"I use a Mac because I'm just better than you are."
I've just got to say, I think Marcello's done a great job on the 2.4 series. For having to be part political leader, part CS genious, and part referee he's not given many people a reason to complain.
2.6 is alot bigger than 2.4, so if you are running on a slow computer, or perhaps a low-memory computer built into something (fridge or car?) you might want to use 2.4 or maybe 2.2
And we've always got the really conservative "in my days the kernel was 200 Kb of sourcecode"-people.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Damn. Maybe I should switch to Windows. Oh.. wait..
Domain name registration for $8.79 per year
879domains.co
There are a few things that aren't quite up to speed in 2.6, such as my nforce2 drivers.
That said, the whole idea of numbering system for linux kernels is that a user/company can keep using known stable kernels until they are comfortable/able to switch to the next kernel set.
There are still businesses out there running 2.2 and 2.0, from what I read on slashdot.
Cogito ergo sum in Slashdot.
Philippe Troin is one of many who crossed-checked the CAN list. Here are the relevant fixes in 2.4.26.
Well... in the case of my servers - I would need up go to dump the debian/stable modutils in favour of the (I believe still debian/unstable) module loader for a 2.6 kernel (can't remember which it is, but I've done it a few times upgrading desktops). This of course requires upgrading a bunch of other dependant crap.
And then there's the 3rd-party drivers. RAID controllers, etc etc. Yes, I know 2.6 is supposed to possibly figure out drivers from older kernels, but do I really want to trust that? Some of these don't have 2.6 drivers. Hell, for some they 2.4 drivers were a recent thing... I had a machine which I called the vendor to specifically get a 2.4.xx driver for a multi-modem system since the box was still running 2.2 before a hardware upgrade.
Being at the latest-and-greatest is good if it provides a noticable benefit vs the drawbacks up grading. In this case, it doesn't.
Okay... This is the result of a cursory check, do your homework folks!
The R128 DRI bounds checking bug is a potential local root exploit.
According to this patch 2.4.26 contains the fix.
The isofs bug. It is locally exploitable iff you have hardware access or if you can induce someone to mount a compromised medium.
The ext3 information leak. It cannot lead to any exploit and has only the tiniest chances of giving an attacker any usable information.
The SoundBlaster Denial of Service.
But no, no mremap issues...
</KARMA>
I don't think it's an arduous task... I thought it was going to be a big task too, until I asked on the Gentoo forums. I was told that I just need to do the usual "compile sources, update bootloader" procedure.
Or maybe that only works with Gentoo...?
Duct tape is like the Force. It has a light side, a dark side, and it holds the universe together.
Debian users need new news too I guess.
You can't alter the site just because some windows-scumbags start liking it. Instead, you make it render really bad in IE and lock up windows so that they need to start using a proper OS.
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
give me one good reason to move my 486 to 2.6
Cause it'll run like a 586!
My P133 thanks me every morning for giving it a 2.6 kernel.
The 2.6 kernel is quite a bit faster if stuff like performance matters to you. Think back to when you had a 2.2 kernel on there, why'd you upgrade to 2.4 again?
CmdrTaco: You want news? /. editors. You have that luxury. You have the luxury of not knowing what I know: that this 2.4 kernel release, while tragically dull, probably saved lives. And my existence, while grotesque and incomprehensible to you, saves lives...You don't want the stuff that matters.
ScottGant: I think I'm entitled to it.
CmdrTaco: You want news?
ScottGant: I want stuff that matters!
CmdrTaco: You can't handle stuff that matters!
Son, we live in a world that has firewalls. And those firewalls have to be guarded by admins with stable kernels. Who's gonna do it? You? You, ScottGant? I have a greater responsibility than you can possibly fathom. You weep for Stanford and you curse the
We use words like integrity, dupes,stability...we use these words as the backbone to a life spent defending something. You use 'em as a punchline. I have neither the time nor the inclination to explain myself to a man who rises and sleeps under the blanket of the very security I provide, then questions the manner in which I provide it! I'd rather you just said thank you and went on your way. Otherwise, I suggest you pick up a cheap hosting company and run a website. Either way, I don't give a damn what you think you're entitled to!
I really need some sleep.
Have you looked at 2.6-tiny?
http://www.selenic.com/tiny/
"The aim of this tree is to collect patches that reduce kernel disk and memory footprint as well as tools for working on small systems. Target users are things like embedded systems, small or legacy desktop folks, and handhelds."
I changed it up a bit ... the essence is the same though.
A Few Good Admins
"Admin: You want news?"
"User: I think I'm entitled to it."
"Admin: You want news?"
"User: I want news for nerds. I want stuff that matters!"
"Admin: Son, we live in a world that has firewalls. And those firewalls have to be guarded by admins with stable kernels. Who's gonna do it? You? You, Mr. "MCSE"? I have a greater responsibility than you can possibly fathom. You weep for Microsoft and you curse Open Source. You have that luxury. You have the luxury of not knowing what I know: that this 2.6 kernel release, while tragically dull to you, probably saved lives. And my existence, while grotesque and incomprehensible to you, saves lives...You don't want the stuff that matters.
We use words like redundancy, fault tolerance, high availability, secure shells...we use these words as the backbone to a life spent defending something. You use 'em as a punchline. I have neither the time nor the inclination to explain myself to a man who logons to my Network and surfs the Internet under the blanket of the very security I provide, then questions the manner in which I provide it! I'd rather you just said thank you and went on your way. Otherwise, I suggest you pick up a stack of O'Reilly Books and build your own Network. Either way, I don't give a damn what you think you're entitled to!"
'NFS: Make sure that fsync() flushes all pending file data to disk. The current call to nfs_wb_file() will fail to flush out mmapped() dirty pages.'
What a day! The kernel upgrade released with DSA 479-1 was broken. Ext3 filesystems unmounable as it would appear the kernel module was missing from the initrd file (my guess, but seems logical). Quarter of an hour after I figured out that kernel-image-2.4.18-1-686_2.4.18-13_i386.deb was 1.1MB and obviously wrong I got another email from Martin Schulze announcing DSA 479-2. A quick check indicates it's a more reasonable size at 8.3MB.
:( Their updates go so smoothly normally that it's easy to become complacent and not do things with enough process.
Some egg on Debian's face today
Lessons:
1) Patch a test system first if you have access to one
2) Make sure your boot loader will boot from the old kernel after upgrading
3) Have a boot disk handy
4) Debate whether you can wait a few days before patching or whether the security liability is too high.
>2.6 is alot bigger than 2.4, so if you are running on a slow computer, or perhaps a low-memory computer built into something (fridge or car?) you might want to use 2.4 or maybe 2.2
That's interesting. I suppose for ultra low memory situations, it might be easier to stick with 2.4... I wonder how much different the memory footprint is for an absolutely bare-bones kernel. I suspect the difference would not be large, and may even be negative. If you want to run some applications in addition to the kernel, you probably want to go with 2.6 for its enhanced memory management.
If you're talking raw speed, 2.6 clearly wins, even on slower processors.
Remember, Linux is not like Windows. It usually gets FASTER with each release.
- JFS: Add lots of missing statics and remove dead code
- JFS: Prevent hang in __lock_metapage
- JFS: Fix race in jfs_sync
Not only are those pesky hippie theives stole our precious JFS, they're also fixing bugs in it. Curse them!"
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
Anyone know whether LVM2 got into this kernel?
Stephen
I wouldn't say that 50% are "windows based". I'd say a good portion of the number just believe in using the best tool for the job. I personally have about 5 debian machines, but my desktop and laptop are Windows (w/ vmwared linux machines for when I really need it). So, the computer I post to slashdot on is "windows based", but I have more linux machines. It's simply because I use the best tool for the job, and linux kicks ass for what I use it for, but isn't quite up to snuff on the desktop yet. I'd bet a good portion of the people that post to slashdot and use windows on thier desktop feel the same way.
The reason for not upgrading is that the newer the kernel, the slower the PC. If it wasn't that 2.4 provides journaling fs, I'd probably still use 2.0.38 these days. Btw, now that 2.6 is out I'm really reconsidering FreeBSD.
For those who don't like 1000 line changelogs, here are the changes that Marcello specifically mentioned on his -pre and -rc lkml postings:
- Run Your own Linux Server on The Latest and Greatest 2.4 or 2.6 Kernel
If it's got a low amount of ram, having the new io scheduler would be quite nice. If you use a 486 as a mail server as I do, this can result in some benefit.
He who laughs last is stuck in a time dilation bubble.
They did:
2.6.5
2.6.4
Since slashdot is a major place to discuss and learn about linux, I think it's newsworthy because the kernel is the heart of linux. This is always the first place I hear about new kernels, plus the discussions usually tell what is new in it so I dont have to sift through the changelogs.
You clearly haven'y spent much time reading the linux kernel mailing list.
Kernel development is actually remarkably unpolitical. That list is dominated by technical discussion not politics. I'm not saying that politics doesn't come up (especailly just after Linus started using bitkeeper :-) but for the most part it's an extreamely technical forum - as it should be.
Linux may not be on the top of the heap, but it's climbing it, not falling back. I'd suggest that that is an indication that the speed of development is just fine.
Maybe they were fooled by all these talk about backdoors and BackOrifice.
It's not hard at all. Well, no harder than upgrading to a newer 2.4. I just upgraded to 2.6.x other day, and it was easy. Just check to make sure everything you need is enabled in the config, and that's all you have to worry about.
/usr/src /boot/grub/grub.conf
I suppose it depends on your distro tho...I'm a Gentoo user, so I don't know how it's different on another distro.
FYI, on Gentoo it went something like:
$ su
# emerge -v gentoo-dev-sources
# cd
# rm -f linux
# ln -s linux-2.6.5-gentoo linux
# genkernel all --xconfig
(insert configuration here)
# nano -w
(insert bootloader editing here)
Btw, the new Qt-based xconfig rules. I remember hating the old xconfig (and actually preferring menuconfig), but qconf is great.
I support the Center for Consumer Freedom