Re: thoughts on kernel security issues

From: Marek Habersack
Date: Fri Jan 14 2005 - 08:57:27 EST

Next message: Tim Schmielau: "swapspace layout improvements advocacy"
Previous message: Marcelo Tosatti: "Re: 2.4.28 crashes with BUG at page_alloc.c:144"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Marcelo Tosatti: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jan 14, 2005 at 11:22:49AM +0100, Wichert Akkerman scribbled:
> Previously Marek Habersack wrote:
> > So it sounds that we, the men-in-the-crowd are really left out in the crowd,
> > people who are affected the most by the issues. Since the vendors are not
> > affected by the bugs (playing a devil's advocate here), since they fix them
> > for their machines as they appear, way before they get public.
>
> vendor suffer from that as well. Suppose vendors learn of a problem in
> a product they visibly use such as apache or rsync. If all vendors
> suddenly update their versions or disable things that will be noticed as
> well, so vendors can't do that.
So yet another reason why such closed list does more harm than good - it
hurts security, if what you said above does happen.

regards,

marek

Attachment: signature.asc
Description: Digital signature

Next message: Tim Schmielau: "swapspace layout improvements advocacy"
Previous message: Marcelo Tosatti: "Re: 2.4.28 crashes with BUG at page_alloc.c:144"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Marcelo Tosatti: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]