Re: thoughts on kernel security issues

[Alan Cox]

On Iau, 2005-01-13 at 03:53, Marek Habersack wrote:
> That might be, but note one thing: not everybody runs vendor kernels (for various
> reasons). Now see what happens when the super-secret vulnerability (with
> vendor fixes) is described in an advisory. A person managing a park of machines 
> (let's say 100) with custom, non-vendor, kernels suddenly finds out that they 
> have a buggy kernel and 100 machines to upgrade while the exploit and the

Those running 2.4 non-vendor kernels are just fine because Marcelo
chooses to work with vendor-sec while Linus chooses not to. I choose to
work with vendor-sec so generally the -ac tree is also fairly prompt on
fixing things. 

Given that base 2.6 kernels are shipped by Linus with known unfixed
security holes anyone trying to use them really should be doing some
careful thinking. In truth no 2.6 released kernel is suitable for
anything but beta testing until you add a few patches anyway. 

2.6.9 for example went out with known holes and broken AX.25 (known) 
2.6.10 went out with the known holes mostly fixed but memory corrupting
bugs, AX.25 still broken and the wrong fix applied for the smb holes so
SMB doesn't work on it

I still think the 2.6 model works well because its making very good
progress and then others are doing testing and quality management on it.
Linus is doing the stuff he is good at and other people are doing the
stuff he doesn't.

That change of model changes the security model too however.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/