Re: Linux Kernel Audit Project?

From: Diego Calleja
Date: Mon Jan 17 2005 - 08:14:00 EST

Next message: Tigran Aivazian: "Re: [discuss] booting a kernel compiled with -mregparm=0"
Previous message: Geert Uytterhoeven: "Re: [PATCH] SCSI NCR53C9x.c: some cleanups"
In reply to: John Richard Moser: "Re: Linux Kernel Audit Project?"
Next in thread: John Richard Moser: "Re: Linux Kernel Audit Project?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

El Mon, 17 Jan 2005 02:40:06 -0500 John Richard Moser <nigelenki@xxxxxxxxxxx> escribió:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On the same line, I've been graphing Ubuntu Linux Security Notices for a
> while. I've noticed that in the last 5, the number of kernel-related
> vulnerabilities has doubled (3 more). This disturbs me.

Most of the latest (ie: 2004) serious kernel holes (if not all) have been
found by the isec.pl guys (http://www.isec.pl/vulnerabilities.html), specially
Paul Starzetz. While they're not a "auditing project", the effect they're
having is the same.

(By the way, secunia reports that 48% of the vulnerabilities reported for
the linux kernel are not patched http://secunia.com/product/2719/ . I guess
they can't notice when bugs are fixed but I hope there's not any open hole
left)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tigran Aivazian: "Re: [discuss] booting a kernel compiled with -mregparm=0"
Previous message: Geert Uytterhoeven: "Re: [PATCH] SCSI NCR53C9x.c: some cleanups"
In reply to: John Richard Moser: "Re: Linux Kernel Audit Project?"
Next in thread: John Richard Moser: "Re: Linux Kernel Audit Project?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]