The 2.4.25 Linux Kernel has been out for some time now, and after the corresponding Grsecurity patch was made available, it was upgrade time.
I had been waiting with the upgrades for a few weeks now, despite several local root holes in recent kernels, as 2.4.25 was the first kernel with the xfs filesystem included, which I use on several important servers. The risk in waiting for so long was limited, as none of the affected systems had local users besides the system administration, and on the other hand, merging the xfs and grsecurity patches always needed quite a bit of manual intervention, as they collided in some places (mainly the ACL code).
I'm still building custom kernels for the more important systems, but it seems this is getting out of style. Perhaps some leftover from a time when saving a bunch of kBytes on the kernel memory footprint could really make a difference.
Nowadays, I hear statements like "we don't support custom built kernels, the users are usually fucking them up anyway, and GENERIC just works" even from some of the OpenBSD people, who perhaps should know better.