POLL: How many revisions behind is acceptable for a Linux kernel?



  • I'm building a script that polls kernel.org and then compares the version against what we have for all of our hosts. How many revisions behind do you find acceptable to have for the Linux kernel? I'm thinking 5 would be an acceptable buffer, 3 preferable? I don't have any idea how to back those numbers up.



    Reminder: versioning numbers are in the format: $major.$minor.$revision.$build



  • Are these development boxes or what? We still have equipment going out with 2.6.19 on them due to one of the modules on there not working very well (i.e. not at all) with anything higher.



  • @PJH said:

    Are these development boxes or what? We still have equipment going out with 2.6.19 on them due to one of the modules on there not working very well (i.e. not at all) with anything higher.
    Yeah, we want to keep them as patched as possible, but still have a bit of leeway.



  • It depends a lot on the purpose of the machine and the precieved risk.  For a production web server I would try to stay reasonably up-to-date, but instead of just upgrading whenever a new version hits, just subscribe to some kernel security list and scan what is happening. More often then not it is the security fix you want to ugprade for, not the inclusion of yet another new webcam driver.



  • If you have non-trusted users with shell access, the answer is: 0. Privilege escalation is a frequent problem with Linux.

    Otherwise, I'd stick with a kernel that works(tm), with remote-exploitable network driver security holes the only exception.


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.