Re: seccomp for 2.6.11-rc1-bk8

From: Andrea Arcangeli
Date: Sat Jan 22 2005 - 12:28:16 EST

Next message: Johannes Stezenbach: "[PATCH 1/9] fix RPS init race"
Previous message: Mikael Pettersson: "BUG: 2.6.11-rc2 and -rc1 hang during boot on PowerMacs"
In reply to: Pavel Machek: "Re: seccomp for 2.6.11-rc1-bk8"
Next in thread: Pavel Machek: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, Jan 22, 2005 at 11:32:42AM +0100, Pavel Machek wrote:
> Well, seccomp is also getting very little testing, when ptrace gets a
> lot of testing; I know that seccomp is simple, but I believe testing
> coverage still make ptrace better choice.

It's not testing that makes code more secure. Testing verifys the code
works in production, but testing almost never helps to find security
issues, and often not even hidden subtle race conditions. Check how many
security bugs have been found with testing. Just go to bugtraq count
them. I simply cannot relay on testing for the security part. I will
relay on testing for everything else but not for this.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Johannes Stezenbach: "[PATCH 1/9] fix RPS init race"
Previous message: Mikael Pettersson: "BUG: 2.6.11-rc2 and -rc1 hang during boot on PowerMacs"
In reply to: Pavel Machek: "Re: seccomp for 2.6.11-rc1-bk8"
Next in thread: Pavel Machek: "Re: seccomp for 2.6.11-rc1-bk8"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]