Re: [PATCH v3 2/3] Documentation: security-bugs: explain what is and is not a security bug

Next message: Christoph Hellwig: "Re: [RFC v1] io_uring/rsrc: add fast path huge page handling in buffer registration"
Previous message: Hans Verkuil: "Re: [PATCH RFC 1/2] media: docs: Clarify V4L2_FMT_FLAG_DYN_RESOLUTION usage"
In reply to: Askar Safin: "Re: [PATCH v3 2/3] Documentation: security-bugs: explain what is and is not a security bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Greg KH

Date: Wed Jun 10 2026 - 02:16:49 EST

On Wed, Jun 10, 2026 at 04:03:43AM +0300, Askar Safin wrote:
> Thank you for answer!
>
> On Tue, Jun 9, 2026 at 11:44 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > > - If unprivileged user prevents privileged user from suspending
> > > system, is this security bug?
> >
> > Physical access of suspending a machine feels like an odd threat model
> > to be worried about :)
>
> I think you didn't understand me here. I meant the following situation:
> unprivileged user without physical access was somehow able
> to prevent privileged user with physical access from suspending
> or hibernating the system.

If you can find a bug like this, sure, we'll be glad to review the fix
for it. As for it being a "security" issue, that will depend on the
specific case as "can not suspend" doesn't seem to fix the definition of
"vulnerability" to me.

thanks,

greg k-h