
Clearly a security hole, but why not call a spade a spade?


Posted Jul 13, 2008 23:26 UTC (Sun) by epa (subscriber, #39769)
Parent article: Stable kernel 2.6.25.11

The announcement makes it pretty clear that this is a serious security hole without the
vulgarity of having to utter the word 'security'.  Why this prudery on the part of the kernel
developers?



Clearly a security hole, but why not call a spade a spade?

Posted Jul 14, 2008 10:16 UTC (Mon) by PaXTeam (subscriber, #24616)

makes you wonder, eh? ;) i've been asking the same question a few times already, here (last
time: http://lwn.net/Articles/288473/) and even on lkml (http://marc.info/?t=121507404600023)
but have yet to get a response. i wonder what the sceptics will have to say about this one.

as for this particular bug, it allows an attacker to execute code in ring-0 directly. the
problem with the oversized LDT limit is that normally the kernel filters what kind of
descriptors can be placed there but due to the miscalculated limit, the CPU can actually
access more memory behind what the kernel believes belongs to the LDT, therefore clever
manipulation of that memory can result in ring-0 descriptors appearing there.
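A small C model of the mismatch described in the comment above, added here as an illustration and not taken from the kernel or from the comment's author: the kernel filters writes to the slots it believes the LDT has, while the CPU bounds-checks against the limit field alone. The table size, the oversized limit value and the neighbouring memory are constructed for the example, and `ldt_write()` is a simplified, hypothetical stand-in for the kernel's filter.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DESC_SIZE 8u   /* an x86 segment descriptor is 8 bytes */
#define ENTRIES   4u   /* constructed: slots the kernel believes the LDT has */

/* Access byte is byte 5: bit 7 = present, bits 6-5 = privilege level (DPL). */
static int      desc_present(const uint8_t *d) { return d[5] >> 7; }
static unsigned desc_dpl(const uint8_t *d)     { return (d[5] >> 5) & 3u; }
/* Correct limit field: byte offset of the last valid byte of the table. */
static uint32_t ldt_limit(unsigned entries) { return entries * DESC_SIZE - 1; }

/* CPU-side check: slot `index` is usable if its last byte lies within limit. */
static int cpu_reachable(uint32_t limit, unsigned index) {
    return (uint64_t)index * DESC_SIZE + (DESC_SIZE - 1) <= limit;
}

/* Simplified stand-in for the kernel's filter: ring-3 descriptors only. */
static int ldt_write(uint8_t *ldt, unsigned index, const uint8_t *d) {
    if (index >= ENTRIES || desc_dpl(d) != 3) return -1;
    memcpy(ldt + index * DESC_SIZE, d, DESC_SIZE);
    return 0;
}

/* Slots the CPU accepts that never went through ldt_write(). */
static unsigned unvalidated_slots(uint32_t limit) {
    unsigned n = 0;
    while (cpu_reachable(limit, ENTRIES + n)) n++;
    return n;
}

/* Lowest DPL among present descriptors loadable under `limit` (constructed memory). */
static unsigned lowest_reachable_dpl(uint32_t limit) {
    uint8_t mem[2 * ENTRIES * DESC_SIZE] = {0};   /* LDT, then unrelated bytes */
    const uint8_t user_seg[DESC_SIZE] = {0xff, 0xff, 0, 0, 0, 0xfa, 0xcf, 0};
    unsigned lowest = 3;
    for (unsigned i = 0; i < ENTRIES; i++) ldt_write(mem, i, user_seg);
    mem[ENTRIES * DESC_SIZE + 5] = 0x9a; /* neighbouring byte: present, DPL 0 */
    for (unsigned i = 0; i < 2 * ENTRIES && cpu_reachable(limit, i); i++) {
        const uint8_t *d = mem + i * DESC_SIZE;
        if (desc_present(d) && desc_dpl(d) < lowest) lowest = desc_dpl(d);
    }
    return lowest;
}

int main(void) {   /* second limit is a constructed oversized value */
    uint32_t limits[2] = {ldt_limit(ENTRIES), 2 * ENTRIES * DESC_SIZE - 1};
    for (int i = 0; i < 2; i++)
        printf("limit %u: %u unvalidated slots, lowest DPL %u\n", (unsigned)limits[i],
               unvalidated_slots(limits[i]), lowest_reachable_dpl(limits[i]));
}
```

The invariant a reviewer would check is that `unvalidated_slots()` is zero for the limit actually loaded, since every slot the CPU can reach must have passed the filter.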

Clearly a security hole, but why not call a spade a spade?

Posted Jul 14, 2008 15:53 UTC (Mon) by bfields (subscriber, #19510)

even on lkml (http://marc.info/?t=121507404600023) but have yet to get a response.

I'm confused. The above seems to be a link to a response?

Clearly a security hole, but why not call a spade a spade?

Posted Jul 14, 2008 16:04 UTC (Mon) by nix (subscriber, #2304)

That was posted after the message you responded to.

Here is Linus' position on the commit texts

Posted Jul 15, 2008 13:39 UTC (Tue) by hmh (subscriber, #3838)

http://thread.gmane.org/gmane.linux.kernel/701694/focus=706600

Linus Torvalds:

We went through this discussion a couple of weeks ago, and I had absolutely zero interest in explaining it again.

I personally don't like embargoes. I don't think they work. That means that I want to fix things asap. But that also means that there is never a time when you can "let people know", except when it's not an issue any more, at which point there is no _point_ in letting people know any more.

So I personally consider security bugs to be just "normal bugs". I don't cover them up, but I also don't have any reason what-so-ever to think it's a good idea to track them and announce them as something special.

So there is no "policy". Nor is it likely to change.

Now, it is pretty clear a lot of people don't agree about the "there is no _point_ in letting people know any more" part, because of security backports or whatever. Otherwise, nobody would be complaining.

Maybe someone wants to take up the "stable security announcement reviewer" and look over all patches for security fixes, documenting that for the stable team through public emails to LKML as a reply to the stable -rc patchsets?

Because otherwise, it is pretty clear it won't be done by the current team. Their priorities lie in bug fixing and development, not security management. Which is fine.

So, will someone whose first priority is security management please step up and start doing the work? All this complaining without any positive action is getting tiresome.
