Re: The state of linux security

From: Alan Cox
Date: Thu Jul 17 2008 - 14:31:37 EST

Next message: Frank Ch. Eigler: "Re: [RFC] systemtap: begin the process of using proper kernel APIs (part1: use kprobe symbol_name/offset instead of address)"
Previous message: Jason mclaughlin: "seems right on anyhow"
In reply to: Stefan Roas: "Re: The state of linux security"
Next in thread: Helge Hafting: "Re: The state of linux security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> the relative security of linux and the likely hood that smart people
> are able to cause a bit of mindless vandalism or get up to much worse.

Distributions assign CVE numbers to kernel vulnerabilities. As
distributions like Fedora ship current kernels they provide a pretty
complete summary.

> One more thing I'd like to throw out there on the issue of
> accountability is this: How do I know that some developers have not
> been paid to specifically introduce some obscure security flaw?

Wrong question. Thats a very naÃve basis for thinking about security. Why
should end users care whether a flaw was added deliberately or by
mistake. What matters is that the flaw is identified. A passive attacker
observing a flaw and using it is at least as dangerous if not more so
than an active attacker.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Frank Ch. Eigler: "Re: [RFC] systemtap: begin the process of using proper kernel APIs (part1: use kprobe symbol_name/offset instead of address)"
Previous message: Jason mclaughlin: "seems right on anyhow"
In reply to: Stefan Roas: "Re: The state of linux security"
Next in thread: Helge Hafting: "Re: The state of linux security"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]