Self interest

Posted Jul 21, 2008 12:36 UTC (Mon) by zooko (subscriber, #2589)
In reply to: Self interest by PaXTeam
Parent article: Handling kernel security problems

From my perspective, it seems like it would be nice for someone to do the work of identifying
security bugs specifically and explaining, for each one, what sort of situations expose the
user to danger, how to work around it, and what patch(es) fix it.

We've already heard that GregKH and Linus aren't going to do that.

Perhaps there's an opportunity for some other motivated, skilled person to offer that service?

Such a service would help some users manage their risks better, and it would provide a
valuable "feedback loop" to the kernel developers by documenting the issues.



Self interest

Posted Jul 21, 2008 12:46 UTC (Mon) by PaXTeam (subscriber, #24616)

yes, it would be the next step after the already known security issues are acknowledged at
least. since such research requires full staff, the Linux vendors are in the best position to
fund such a service.

Self interest

Posted Jul 21, 2008 13:44 UTC (Mon) by nix (subscriber, #2304)

Excellent idea. However, if the distro vendors did this, they'd probably 
do it for their stable enterprise kernels, as those are the kernels their 
paying customers use (and also kernels that change slowly enough that this 
sort of fine tooth-combing is possible).

I wish this sort of thing was possible to fund with the raging high-speed 
chaos that is upstream kernels but I have a feeling that it isn't :/ 
still, hopefully if this were done *some* of the holes that were found in 
distro kernels might still be applicable upstream.

(disclaimer: I have no input into funding decisions anywhere at all nor 
ever have had. This is purest speculation.)
