Re: [ADMIN] postgres 6.2 vacuum - Mailing list pgsql-hackers

From Lamar Owen
Subject Re: [ADMIN] postgres 6.2 vacuum
Date
Msg-id 200309291359.09320.lowen@pari.edu
Whole thread Raw
In response to Re: [ADMIN] postgres 6.2 vacuum  (Jan Wieck <JanWieck@Yahoo.com>)
List pgsql-hackers
On Monday 29 September 2003 11:41 am, Jan Wieck wrote:
> Tom Lane wrote:
> > I do agree that people running that old a Linux distro need to think
> > about updating more than just Postgres, though.  They have kernel bugs
> > as well as PG bugs to fear :-(

> Plus all the well known vulnerabilities used by worms and root kits ...

Assuming the db server is exposed directly to the Internet.  I know of old, 
obscurity-secured systems with none of the development tools necessary to use 
a rootkit (and rootkits are extremely rare in precompiled form for things 
that old and uncommon), and running none of the traditionally exploited 
services.  A Red Hat 5.2 server running only PostgreSQL 6.3.2, for instance, 
can be made very secure without upgrades by disposing of vulnerable services 
and running the latest and greatest 2.0.x series kernel (2.0.40, IIRC).  And 
once such a server is running on, say, a dual PPro 200 and serving up queries 
at the design rate, what is the impetus and motivation to upgrade?  

Furthermore, if one were leery of the SCO business with Linux 2.4.x and later, 
then one would be running a 2.0.x or 2.2.x kernel based system anyway, where 
SCO has not made any claims.  This brings us back to a Red Hat 5.2 for 2.0.x 
or Red Hat 7.0 (not 7.1 or later) for 2.2.x.  Although Red Hat 6.2 is a safer 
bet for a 2.2.x based system.  Just make sure to update it before connecting 
it to the Internet, if it is to be connected to the Internet.  Or don't run 
the rootable services that 6.2 has out of the box.

7.3.4 is buildable on 6.2, which makes it a nice balance point for those who 
want to do this sort of thing. 
-- 
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC  28772
(828)862-5554
www.pari.edu



pgsql-hackers by date:

Previous
From: Tom Lane
Date:
Subject: Re: more i18n/l10n issues
Next
From: Michael Meskes
Date:
Subject: Re: ecpg doesn't compile (datetime.h/dtime_t)