Kernel security update would break ABI
Daniel Miller
sound.the.shofar at gmail.com
Fri Dec 3 04:46:22 CST 2004
I'm for bumping the version number, only after getting the word out by
all means possible, as to the effects of doing such. Having
unloadable user modules is a much better option than having a
system compromised, in my opinion.
Kind Regards,
Daniel Miller
On Fri, 3 Dec 2004 11:30:30 +0100, Martin Pitt <martin at piware.de> wrote:
> Hi folks!
>
> We currently have a dilemma regarding a Warty security update of the
> kernel.
>
> There is a public vulnerability which affects the Warty kernel. We
> have a patch and could upload it any time, but this patch changes the
> ABI (Application Binary Interface). This should actually be
> unacceptable for a security update, but it is required to close the
> hole.
>
> An ABI change has the following consequences:
>
> - This would render d-i unbuildable on a security-patched Warty.
> However, according to Colin we can neglect that.
>
> - It breaks compatibility with user-installed modules, which is the
> actual headache.
>
> There are two possibilities of handling the module issue:
>
> 1. Ignore the ABI change and hope that most of the user installed
> modules continue to work (but if they don't, this could cause a
> mess).
>
> 2. Bump the version number, which renders all user-added modules
> unloadable. They have to be recompiled against the new kernel to
> work again.
>
> Any thoughts and/or preferences?
>
> Thanks and have a nice day,
>
> Martin
>
> --
> Martin Pitt http://www.piware.de
> Ubuntu Developer http://www.ubuntulinux.org
> Debian GNU/Linux Developer http://www.debian.org