Re: Release of 2.4.21

From: Florian Weimer (fw@deneb.enyo.de)
Date: Thu Mar 20 2003 - 16:48:13 EST


Jeff Garzik <jgarzik@pobox.com> writes:

> On Thu, Mar 20, 2003 at 09:43:01PM +0100, Florian Weimer wrote:
>> Releasing an official 2.4.21 with some fixes (and no new features) is
>> just a PR issue. I've already seen people comparing the alleged IIS
>> bug (or this new IE hole) and the ptrace() bug...
>
> Comparing, how? There is no comparison.

You know it, I know it, our readers know it. But the press puts them
on the same level nevertheless.

> This specific ptrace hole is closed, yay. Now what about the other
> 10,001 that still exist? People are blowing this ptrace bug WAY
> out of proportion.

I agree completely. Local security on traditional UNIX-like systems
is *so* poor that this bug doesn't really matter. No admin of a sane
mind lets untrusted users access important systems.

> The only reason why it demands a modicum of vendor responsibility is
> that a-holes are making easy-to-use exploits available for the
> script kiddies.

No, you miss a point. These exploits are important to keep you kernel
developers honest. Otherwise, you would have fixed this quietly, like
a couple of other bugs. Admins would assume that kernels offered a
decent level of local security, which can lead to very questionable
decisions.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:32 EST