|| ||Alan Cox <alan-AT-lxorguk.ukuu.org.uk>|
|| ||Re: thoughts on kernel security issues|
|| ||Thu, 13 Jan 2005 15:36:33 +0000|
|| ||Dave Jones <davej-AT-redhat.com>, Linus Torvalds <torvalds-AT-osdl.org>,
Marcelo Tosatti <marcelo.tosatti-AT-cyclades.com>,
Greg KH <greg-AT-kroah.com>, Chris Wright <chrisw-AT-osdl.org>,
Linux Kernel Mailing List <linux-kernel-AT-vger.kernel.org>|
On Iau, 2005-01-13 at 03:53, Marek Habersack wrote:
> That might be, but note one thing: not everybody runs vendor kernels (for
> reasons). Now see what happens when the super-secret vulnerability (with
> vendor fixes) is described in an advisory. A person managing a park of machines
> (let's say 100) with custom, non-vendor, kernels suddenly finds out that they
> have a buggy kernel and 100 machines to upgrade while the exploit and the
Those running 2.4 non-vendor kernels are just fine because Marcelo
chooses to work with vendor-sec while Linus chooses not to. I choose to
work with vendor-sec so generally the -ac tree is also fairly prompt on
Given that base 2.6 kernels are shipped by Linus with known unfixed
security holes anyone trying to use them really should be doing some
careful thinking. In truth no 2.6 released kernel is suitable for
anything but beta testing until you add a few patches anyway.
2.6.9 for example went out with known holes and broken AX.25 (known)
2.6.10 went out with the known holes mostly fixed but memory corrupting
bugs, AX.25 still broken and the wrong fix applied for the smb holes so
SMB doesn't work on it
I still think the 2.6 model works well because its making very good
progress and then others are doing testing and quality management on it.
Linus is doing the stuff he is good at and other people are doing the
stuff he doesn't.
That change of model changes the security model too however.
to post comments)