"Stable" kernel 2.6.25.7 released

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 19:24 UTC (Tue) by wtarreau (subscriber, #51152)
In reply to: "Stable" kernel 2.6.25.7 released by PaXTeam
Parent article: Stable kernel 2.6.25.7 released

stable@ is not a list, just an address to post things you think should
be fixed in stable releases. There is no secrecy there, you can simply
CC LKML if you want (and preferably the patch reporter first in order
to get information about relevance). I sometimes proceed like this.

I have no problem with your policy about not posting to private lists.
Davem does the same, and I respect this. Then you'd better check the
oss-security list: http://oss-security.openwall.org/wiki/

It is public, talks about security issues in open source software
(including Linux), and many of the closed lists' members are there.



"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 20:35 UTC (Tue) by PaXTeam (subscriber, #24616) [Link]

> stable@ is not a list, just an address to post things you think should
> be fixed in stable releases.

yes, i figured it out in the meantime. problem with it still is that anything that makes it
there is already *too late* because it must have entered the Linus tree already
(mandatory condition for a submission to be accepted). and if the commit is misleading there,
it's game over for everyone else. in any case, you can certainly CC me on anything you need my
input on *but* consider that my work has nothing to do with either the kernel or security
and, as of this year, i'm spending less and less of my free time on this as well, with the
eventual goal of completely stopping it. in other words, don't expect me to spend a lot of
time on this, my quota for linux/security is already pretty much exhausted.

"Stable" kernel 2.6.25.7 released

Posted Jun 17, 2008 21:21 UTC (Tue) by spender (subscriber, #23067) [Link]

Though it won't solve many of the problems mentioned, particularly:
1) Bugs that originate in private through the numerous private mailing lists
2) Obvious and explicit security information mentioned in attached bugzilla entries getting
omitted from changelogs
3) root-based bugs not only being downplayed, but specifically labeled as not security
relevant (defeats the purpose of SELinux, SMACK, capabilities)

It may help in raising more awareness regarding the invalid userland dereference class of
bugs, which seem to most often get ignored.  (Microsoft hopefully is paying similar attention:
http://www.immunitysec.com/downloads/DriverImpersonationA...)

With that said, you're of course welcome to CC me on relevant mails as well.

-Brad
