Congratulations are in order!
Posted Jun 17, 2008 17:37 UTC (Tue) by khim
In reply to: "Stable" kernel 22.214.171.124 released
Parent article: Stable kernel 126.96.36.199 released
this mentality is called security by obscurity. congratulations for having made the basic mistake in computer security ;-).
This one comment explains it all: you DON'T care about security. What you DO care about is your reputation. You will happily increase risk for users as long as everything is done by your rules.
Why? Oh, it's simple: anyone who claims that security by obscurity never works is a troll. The actual rule is "You can fool all the people some of the time, and some of the people all the time, but you cannot fool all the people all the time". Case in point: PSP had an easily exploitable backdoor in firmware from day one - and still has it today. Yet crackers needed two years to find and exploit it. Why? Because of the obscurity. And you can be pretty sure A LOT OF guys wanted to do this: hardware solutions were offered, rare disks (needed to use previously known cracks) were sold for $100 or more, etc. BIG BUSINESS. BIG MONEY. Yet no crack for TWO YEARS. THAT is the power of "security by obscurity". It DOES work. Forever? Of course not! But for a long time.
If you don't accept this simple fact then there is nothing to discuss further - you have a different set of axioms than kernel developers do.
about this particular commit: why does it make sense to mention the DoS at all then? don't you think it draws attention from the bad guys who can sniff an exploitable bug where others smell a DoS only? wouldn't it have been better (from your point of view, that is) to simply not mention anything at all?
Bingo! This particular commit is bad NOT because it does not mention all security implications, but because it talks about DoS at all. Poor phrasing, but not the end of the world.