How would you prevent a security-only release from making life much more difficult for
everyone who doesn't run an up-to-the-minute kernel? If every changeset must fix a potential
security hole, you give changeset-reading miscreants dozens of new attack vectors to explore
every day.
Posted Jul 17, 2008 21:57 UTC (Thu) by dvdeug (subscriber, #10998)
Why would it make life much more difficult? Today, "changeset-reading miscreants [have] dozens
of new attack vectors to explore every day." In that case, "changeset-reading miscreants
[would have] dozens of new attack vectors to explore every day." I'm not sure that it would
have a serious effect on the time it takes to find a feasible attack vector and exploit it.
On the other hand, for some time after the final release, those who were behind on the latest
kernel would have fewer actually exploitable holes in the kernel for even the most careful
source-code reading hacker to find.