LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Kernel security, year to date

Kernel security, year to date

Posted Sep 12, 2008 23:34 UTC (Fri) by bfields (subscriber, #19510)
In reply to: Kernel security, year to date by nix
Parent article: Kernel security, year to date

They don't have CVE numbers and perhaps the authors didn't even bother to isolate the commit that introduced the problem.
09229edb68a3961db54174a2725055bd1589b4b8 and dc9a16e49dbba3dd042e6aec5d9a7929e099a89b.
How terrifying, I'm sure the fix is much worse as a consequence.

I don't think knowing the original commits would help much with the fixes in this particular case, but if you see any problems, speak up. I agree that including the commit id's of the original commits would have been a good idea, and I'll try to do that in the future.

And if I could make a request for next time: could you please (please!) respond by email instead of lwn comments? Preferably cc'd to the relevant public lists, but if for some reason you just can't stand the idea of sending email to vger lists, then private mail will work too.

(Log in to post comments)

Kernel security, year to date

Posted Sep 12, 2008 23:46 UTC (Fri) by nix (subscriber, #2304) [Link]

I didn't email you about this because I didn't think you'd done anything
which needed to change: you fixed a bug, and that's great. Obviously you
knew these fixes had security implications because you said so, and, to
me, that's enough.

(I *was* being somewhat sarcastic. Of course the fix isn't worse because
of the wording of the log message! :) )

Kernel security, year to date

Posted Sep 13, 2008 2:51 UTC (Sat) by bfields (subscriber, #19510) [Link]

you fixed a bug, and that's great.

Yeah, well, but I'm also the one that introduced the more serious of those two bugs (and failed to catch the other in review). Urgh.

I *was* being somewhat sarcastic.

OK! I think it's a reasonable request to include the commit id's that introduced the bugs, though.

Kernel security, year to date

Posted Sep 13, 2008 3:00 UTC (Sat) by bfields (subscriber, #19510) [Link]

(And, right, sorry, I see the sarcasm now. I got a little lost in the conversation there. More sleep needed!)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds