LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Little things that matter in language design

LWN.net Weekly Edition for June 6, 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Shocking

Shocking

Posted Jul 17, 2008 22:01 UTC (Thu) by mgh (guest, #5696)
In reply to: Shocking by riel
Parent article: Kernel security problems: a response 

Agree; Personally, I'd move quicker to apply a fix to data security than to access security.
Access security threats are much easier to mitigate than data security issues within the OS.  

Some people are so obsessed with one class of security bug (un-authorised access) that its
become all consuming for them.  It's almost as if "I know my data is corrupted - but its ok NO
ONE else can ever get to it" has become the mantra.  

Really what is being asked for could be re-phrased like this:-

"What we'd like you (kernel devs) to do is to categorise and provide a risk profile for some
of the bugs you fix in your software.  In fact we'd like you to prioritise according to our
priorities and make it explicit in your work that these threats are fixed because we believe
they are more important than anything else."

As for the "Full disclosure" argument its nuts - the code is there, its 100% transparent...
oh, wait, you want the developer to tell you about stuff YOU think is most important - maybe
the developers have decided to opt out of classification and risk assessment and just work on
improving the product...  

Like all religious arguments the underlying requirement is to make someone else do something
to make the other feel better about their world.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds