Re: RFC: Starting a stable kernel series off the 2.6 kernel

From: Matthias Andree
Date: Tue Dec 06 2005 - 05:45:35 EST

Next message: Sander: "Re: Linux in a binary world... a doomsday scenario"
Previous message: Arjan van de Ven: "Re: [PATCH] Win32 equivalent to GetTickCount systemcall (i386)"
In reply to: Horst von Brand: "Re: RFC: Starting a stable kernel series off the 2.6 kernel"
Next in thread: Florian Weimer: "Re: RFC: Starting a stable kernel series off the 2.6 kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 05 Dec 2005, Horst von Brand wrote:

> > You mentioned security issues in your initial post. I think it would
> > help immensely if security bugs would be documented properly (affected
> > versions, configuration requirements, attack range, loss type etc.)
> > when the bug is fixed, by someone who is familiar with the code.
> > (Currently, this information is scraped together mostly by security
> > folks, sometimes after considerable time has passed.) Having a
> > central repository with this kind of information would enable vendors
> > and not-quite-vendors (people who have their own set of kernels for
> > their machines) to address more vulnerabilties promptly, including
> > less critical ones.
>
> I've fixed bugs which turned out to be security vulnerabilities. And I
> didn't know (or even care much) at the time. Finding out if some random bug
> has security implications, and exactly which ones/how much of a risk they
> pose is normally /much/ harder than to fix the bugs. And rather pointless,
> after the fix is in.

I believe everyone who maintains a nontrivial piece of software has
experienced a situation where a bug fix addressed a bug that could
actually be exploited and that wasn't clear at the time.

Calling this "pointless" after the fix is in leaves people in danger
unaware, unless it happens on a branch where every user can be expected
to update because only tested fixes are merged. As this isn't the case
for the kernel, but everyone moves on at will, doesn't care if a
previous bug fix is exploitable and whatnot, the Linux kernel's security
is essentially nonexistent, and expecting downstream QA teams to handle
this is just ridiculous for many reasons already mentioned.

--
Matthias Andree
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Sander: "Re: Linux in a binary world... a doomsday scenario"
Previous message: Arjan van de Ven: "Re: [PATCH] Win32 equivalent to GetTickCount systemcall (i386)"
In reply to: Horst von Brand: "Re: RFC: Starting a stable kernel series off the 2.6 kernel"
Next in thread: Florian Weimer: "Re: RFC: Starting a stable kernel series off the 2.6 kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]