User: Password:
|
|
Subscribe / Log in / New account

Time for a security release?

Time for a security release?

Posted Jul 17, 2008 20:01 UTC (Thu) by chromatic (guest, #26207)
In reply to: Time for a security release? by tetromino
Parent article: Handling kernel security problems

How would you prevent a security-only release from making life much more difficult for
everyone who doesn't run an up-to-the-minute kernel?  If every changeset must fix a potential
security hole, you give changeset-reading miscreants dozens of new attack vectors to explore
every day.


(Log in to post comments)

Time for a security release?

Posted Jul 17, 2008 21:57 UTC (Thu) by dvdeug (subscriber, #10998) [Link]

Why would it make life much more difficult? Today, "changeset-reading miscreants [have] dozens
of new attack vectors to explore every day." In that case, "changeset-reading miscreants
[would have] dozens of new attack vectors to explore every day." I'm not sure that it would
have a serious effect on the time it takes to find a feasible attack vector and exploit it.

On the other hand, for sometime after the final release, those who were behind on the latest
kernel would have a less actually exploitable holes in the kernel for even the most careful
source-code reading hacker to find. 


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds