On Monday 29 September 2003 11:41 am, Jan Wieck wrote:
> Tom Lane wrote:
> > I do agree that people running that old a Linux distro need to think
> > about updating more than just Postgres, though. They have kernel bugs
> > as well as PG bugs to fear :-(
> Plus all the well known vulnerabilities used by worms and root kits ...

Assuming the db server is exposed directly to the Internet. I know of old,
obscurity-secured systems with none of the development tools necessary to use
a rootkit (and rootkits are extremely rare in precompiled form for things
that old and uncommon), and running none of the traditionally exploited
services. A Red Hat 5.2 server running only PostgreSQL 6.3.2, for instance,
can be made very secure without upgrades by disposing of vulnerable services
and running the latest and greatest 2.0.x series kernel (2.0.40, IIRC). And
once such a server is running on, say, a dual PPro 200 and serving up queries
at the design rate, what is the impetus and motivation to upgrade?

Furthermore, if one were leery of the SCO business with Linux 2.4.x and later,
then one would be running a 2.0.x or 2.2.x kernel based system anyway, where
SCO has not made any claims. This brings us back to a Red Hat 5.2 for 2.0.x
or Red Hat 7.0 (not 7.1 or later) for 2.2.x. Although Red Hat 6.2 is a safer
bet for a 2.2.x based system. Just make sure to update it before connecting
it to the Internet, if it is to be connected to the Internet. Or don't run
the rootable services that 6.2 has out of the box.

7.3.4 is buildable on 6.2, which makes it a nice balance point for those who
want to do this sort of thing.
--
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu