Re: Proper procedure for reporting possible security vulnerabilities?

From: Diego Calleja
Date: Mon Jan 10 2005 - 20:08:38 EST


On Mon, 10 Jan 2005 16:19:01 -0800 "Barry K. Nathan" <barryn@xxxxxxxxx> wrote:

> On Mon, Jan 10, 2005 at 11:08:27PM +0100, Diego Calleja wrote:
> > They could have mailed to *THIS* mailing list, so anyone can make a patch.
>
> And abandon the whole idea of coordinated disclosure? That would put
> anyone using vendor kernels at a disadvantage (there would be a time gap
> between the vulnerability being public and the vendor kernel being
> released -- which happened anyway with uselib() but which doesn't
> *always* happen).

Yes, it wouldn't be "coordinated disclosure", but at least you'd get a patch
instead of a public exploit.