> When the most recent kernel root level compromise bug hit, it was kept
> quiet for almost a month so distros could be updated and it could start
> spreading. Once all the sub-structure was updated, the announcement
> was made. Everyone was ready for the clamor and slam on ftp servers
> and more people were immediately protected.
Ummm, the difference in that case was that it was a genuine security
hole, and this silly IDE thing is not.
This thing is shameful to the Linux community, not because the "flaw"
exists, but because so many people are arguing about "exploits" and
"exposing" things when this is not a security issue at all. Andre can
whinge about it all he wants, but this is really just not important.
There's nothing wrong with putting some sanity checks on the ioctl
interface, but that's all they are: they offer no protection against
an attack.
-- Dave
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:17 EST