On Monday 29 September 2003 11:41 am, Jan Wieck wrote:
> Tom Lane wrote:
> > I do agree that people running that old a Linux distro need to think
> > about updating more than just Postgres, though. They have kernel bugs
> > as well as PG bugs to fear :-(

> Plus all the well known vulnerabilities used by worms and root kits ...

Assuming the db server is exposed directly to the Internet. I know of old, obscurity-secured systems with none of the development tools necessary to use a rootkit (and rootkits are extremely rare in precompiled form for things that old and uncommon), and running none of the traditionally exploited services. A Red Hat 5.2 server running only PostgreSQL 6.3.2, for instance, can be made very secure without upgrades by disposing of vulnerable services and running the latest and greatest 2.0.x series kernel (2.0.40, IIRC).

And once such a server is running on, say, a dual PPro 200 and serving up queries at the design rate, what is the impetus and motivation to upgrade?

Furthermore, if one were leery of the SCO business with Linux 2.4.x and later, then one would be running a 2.0.x or 2.2.x kernel based system anyway, where SCO has not made any claims. This brings us back to a Red Hat 5.2 for 2.0.x or Red Hat 7.0 (not 7.1 or later) for 2.2.x. Although Red Hat 6.2 is a safer bet for a 2.2.x based system. Just make sure to update it before connecting it to the Internet, if it is to be connected to the Internet. Or don't run the rootable services that 6.2 has out of the box.

7.3.4 is buildable on 6.2, which makes it a nice balance point for those who want to do this sort of thing.

--
Lamar Owen
Director of Information Technology
Pisgah Astronomical Research Institute
1 PARI Drive
Rosman, NC 28772
(828)862-5554
www.pari.edu