[TriLUG] oldest production linux box

Mike M linux-support at earthlink.net
Fri Mar 5 12:33:29 EST 2004


On Thu, Mar 04, 2004 at 08:05:28PM -0500, Jeremy Portzer wrote:
> > I am guessing that keeping a sub 2.2 kernel based system up to date is
> > similar to maintaining a Gentoo system.  
> 
> Um, not really.  Gentoo doesn't really require you to figure out
> dependencies and run configure and make commands yourself... it's all
> predetermined by the Gentoo developers in the "ebuild" files.  Trying to
> maintain a seriously old system would require a LOT of custom compiling,
> patching, and even coding.  Much more difficult than Gentoo.

Gentoo is higher on the food chain than I thought it was.  Then, how
about Linux From Scratch - would using a sub 2.2 kernel safely be a
LFS project? 

http://lfs.130th.net/lfs/whatislfs.html

...which in no way mitigates your admonishment that maintaining "a
seriously old system would require a LOT of custom compiling,
patching, and even coding." 

It's that last part about coding that most concerns me.  I do not know
if OpenSSL or OpenSSH tests against older kernels.  There is no way
that I would trust myself to backport a security app to an older
kernel.  In fact, that might be my acid test - the oldest kernel I
would consider using is the oldest kernel supported by OpenSSH.

A quick scan of the Portable OpenSSH website did not yield information on what
was the lowest Linux kernel it would work with.

http://www.openssh.com/portable.html

Here's a hint that kernel 2.0 is working with OpenSSH despite a little 
problem with privilege separation:

http://lists.debian.org/debian-bsd/2003/debian-bsd-200304/msg00006.html

Here's the 2.0.40 Change Log.  It even contains some humor.  The
relevant bit from 2.0.40-rc8 is this:

o	Correct AF_UNIX fd-passing		(Michael Deutschmann)
	semantics to match what OpenSSH
	expects
		
http://kernel.org/pub/linux/kernel/v2.0/ChangeLog-2.0.40

Well...it might be possible to make a secure machine using 2.0.40 kernel
and linuxfromscratch techniques, but this approach makes using xBSD look 
like a cakewalk :).
-- 
Mike

When the correction first comes, we tend to underreact. While we do not 
like the surprise, we tend to think of it as maybe a one-time thing. 
Things, we believe, will soon get back to normal. We do not scale back 
our expectations sufficiently. It apparently takes years for this to 
work itself out. - John Mauldin


