Re: thoughts on kernel security issues

From: Alan Cox
Date: Fri Jan 14 2005 - 20:48:32 EST


On Gwe, 2005-01-14 at 15:12, Julian T. J. Midgley wrote:
> You'll have to explain why leaking the information "that there is a
> bug in $PROGRAM", by fixing it (without disclosing either the bug or
> the fix), is a problem. After all, you can assume that for every

Because the bad guys do keep watch and they do go looking and some of
them are very very bright people. Knowing application A has a bug
generally means you know the kind of bug because it'll be "flavour of
the month" bug. In other words most bugs are variants of the latest
exploit because everyone is now looking at every other app for the same
problem.

We had network buffer overflow period, multiplication/addition overflow
period, 2D maths overflow in image viewer period and so on.

Alan
