User: Password:
|
|
Subscribe / Log in / New account

Shocking

Shocking

Posted Jul 19, 2008 12:18 UTC (Sat) by PaXTeam (guest, #24616)
In reply to: Shocking by riel
Parent article: Kernel security problems: a response

> Fixes for race conditions that lead to data corruption are often a much
> more important reason to update systems than a fix for a security bug
> that can only be exploited by local users.

> Security bugfixes are important, but they are no more important than
> many other kinds of bugfixes.  Why would they deserve a special label?

question: when a commit fixes a bug that can result in data corruption, does it say so or not?
because if it does, then you've just answered the question above. and if it doesn't, then how
do you expect distro and other people maintaining their own kernel trees to figure out whether
to consider the commit for backport or not? remember, you're playing with fire here, if the
people doing the backport miss just one such a commit (out of the many thousands that go into
a release, no less), they'll put their users' data at risk.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds