LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 06-07-2010, 09:47 AM   #1
Iwantslack
Member
 
Registered: Dec 2008
Posts: 31

Rep: Reputation: 2
Is Slackware Secure?


Hy folks,

I`m using Slackware since 3 years now and im very Satisfied with it. But:

Is Slackware a secure System?
I mean, Fedora,Suse,Ubuntu,etc get a hell of a lot Security patches and Slackware just gets a few.
I`m asking because i installed Fedora on my Notebook and after the install i had to update my System with quite some patches.

Please dont get this wrong. I really like Slack. But i have to ask

EDIT: What are you doing to secure your Slackbox?

Last edited by Iwantslack; 06-07-2010 at 09:49 AM.
 
Old 06-07-2010, 10:02 AM   #2
hitest
Guru
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 5,779

Rep: Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901Reputation: 1901
Quote:
Originally Posted by Iwantslack View Post
Hy folks,

I`m using Slackware since 3 years now and im very Satisfied with it. But:

Is Slackware a secure System?
I mean, Fedora,Suse,Ubuntu,etc get a hell of a lot Security patches and Slackware just gets a few.
I`m asking because i installed Fedora on my Notebook and after the install i had to update my System with quite some patches.

Please dont get this wrong. I really like Slack. But i have to ask

EDIT: What are you doing to secure your Slackbox?
I installed Slackware 13.1 to my Toshiba NB200 notebook on Saturday and I am very happy with it. Yes. Slackware is very secure. As security patches become available for Firefox, Thunderbird, etc., they are made available to you. You can update your Slackware system with the latest security patches using slackpkg. To use slackpkg you will need to uncomment one mirror in the following file using your favourite text editor (don't forget to remove the space in front of the # when you remove it). See the slackpkg link in my signature.

/etc/slackpkg/mirrors

To update slackpkg, install new software, and upgrade your system with security patches.

# slackpkg update

# slackpkg install-new

# slackpkg upgrade-all
 
Old 06-07-2010, 10:12 AM   #3
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware-current
Posts: 5,196

Rep: Reputation: 1855Reputation: 1855Reputation: 1855Reputation: 1855Reputation: 1855Reputation: 1855Reputation: 1855Reputation: 1855Reputation: 1855Reputation: 1855Reputation: 1855
This thread provides information about security.
http://www.linuxquestions.org/questi...he-box-698446/
 
Old 06-07-2010, 10:13 AM   #4
Iwantslack
Member
 
Registered: Dec 2008
Posts: 31

Original Poster
Rep: Reputation: 2
Thanks for your reply hitest. I know Slackpkg. What i mean is the mass of updates in other Distros.
 
Old 06-07-2010, 10:26 AM   #5
disturbed1
Senior Member
 
Registered: Mar 2005
Location: USA
Distribution: Slackware
Posts: 1,133
Blog Entries: 6

Rep: Reputation: 223Reputation: 223Reputation: 223
Quote:
Originally Posted by Iwantslack View Post
I mean, Fedora,Suse,Ubuntu,etc get a hell of a lot Security patches and Slackware just gets a few.
I`m asking because i installed Fedora on my Notebook and after the install i had to update my System with quite some patches.
You need to consider what the other distros are patching. Quite a few times those security updates are for packages Slackware does not ship, reverse distro applied hacks, or just don't apply to the version/configuration Slackware uses. When there's an actual CVE listed for a package that has shipped with and effects Slackware, it gets updated.

I subscribe to the mailing lists, and rss changelog feeds, plus rsync with the mirrors when needed. Our systems have slackpkg pointed to the local file server, that way I only need to hit a remote mirror once to update all the PCs.
 
Old 06-07-2010, 11:07 AM   #6
GazL
LQ Guru
 
Registered: May 2008
Posts: 5,021
Blog Entries: 16

Rep: Reputation: 2623Reputation: 2623Reputation: 2623Reputation: 2623Reputation: 2623Reputation: 2623Reputation: 2623Reputation: 2623Reputation: 2623Reputation: 2623Reputation: 2623
I guess it depends on your definition of 'secure'.

I've noticed that Pat doesn't always ship kernel updates. Slackware 12.2 still uses kernel 2.6.27.31 (from ftp patches directory), yet upstream are now up to 2.6.27.47. I suspect the same must also be true of other packages.

I've no idea what criteria Pat uses to decide whether to issue a patch or not. It can seem quite arbitrary at times. I think it's reasonable to assume that anything with significant risk of exploit will get patched. As for the lesser stuff, I simply don't know.
 
Old 06-07-2010, 11:22 AM   #7
forrestt
Senior Member
 
Registered: Mar 2004
Location: Cary, NC, USA
Distribution: Fedora, Kubuntu, RedHat, CentOS, SuSe
Posts: 1,288

Rep: Reputation: 99
The distros you mention will generate a patch for a specific piece of software, and include it in the package they provide. They will then submit that patch up to the maintainer of the piece of software with the hopes that it will be put into the original at some point.

From my understanding (I'm not a Slackware user) Slackware just gets software from the maintainer. This means the software doesn't change as much since they don't put out their own patch and follow it through the next versions of software and then remove their patch when the original software is patched in what may be a different manner.

This MAY result in a security hole being open longer, but I would guess that since most of the software included in Slack is not bleeding edge, and typically well maintained by the maintainers that this isn't the case often.

Forrest
 
Old 06-07-2010, 11:24 AM   #8
dive
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Slackware
Posts: 3,382

Rep: Reputation: Disabled
I think all the important stuff comes as needed. It is mostly security fixes I think unless some critical bug is found, but given Slackware's history of using the most stable versions of software that seems a bit of a remote chance.

The best way to stay secure is to get on the security mailing list and watch out for updates.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Just installed Slackware 12.1 - How do i Secure it? corporatepig Slackware 3 08-13-2008 04:22 AM
how would you secure slackware ? Carpo Slackware 39 04-02-2008 11:13 AM
Help Secure my Slackware 9.1 box Smokey Slackware 6 09-16-2004 09:29 AM
Slackware Secure ??? MichaelHall Slackware - Installation 5 03-01-2004 03:58 PM
How to secure slackware 9 Homzz Slackware 8 05-28-2003 12:23 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 01:00 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration