grsecurity 2.1.0 and kernel vulnerabilities
Posted Jan 11, 2005 6:26 UTC (Tue) by cadence
Parent article: grsecurity 2.1.0 and kernel vulnerabilities
For anyone interested, I found these tidbits of information regarding the method(s) used to post patches for the linux kernel... some of it seems like it was probably written long long ago... and maybe needs some updating, considering I didn't stumble across much with regards to security patches that may be considered (too) sensitive to post on a public mailing list such as the lkml or bugtraq other than #s1-15 mentioning sending an email directly to Linus, which it seems both PaxTeam, and GRSecurity teams did.. possibly Linus didn't feel they were urgent enough to consider a large security hole (as Andrew Morton's comments on lkml suggest, since none are root exploitable, one being a DOS attack, but he suggests much simpler DOS attacks via other methods that aren't considered insecure), so it would seem that the security holes discovered, would be material for the lkml list... mind you, a simple email (as suggested as being a oneliner email) by linus or andrew to either grsecurity team and paxteam respectively, simply stating they should post them to the lkml since they (apparently?) weren't "urgent".
This all begs the question that if they weren't urgent (based on Linus and Andrew not replying directly to them, and by the fact that Andrew stated on the LKML that he felt they weren't urgent bugs), why is everyone jumping all over grsecurity team, and paxteam for posting these publicly... as that (according to the below links) would be exactly where the next place to send them would be (the LKML).
to post comments)