So first some data (in chronological order):
The last 3 and the first one are credited to Wojciech Purczynski (firstname.lastname@example.org), while the remaining 10 are credited to Paul Starzetz (email@example.com). The last 3 from cliph are during his employment at COSEINC.
Paul Starzetz had this to say about the Linux kernel (from http://searchenterpriselinux.techtarget.com/news/article/...):
"First the problem [with] Linux is that there are too many people 'hacking' the code. It has reached a complexity where the 'I-hack-quickly-some-code' approach doesn't work anymore."
and in reply to a security advisory dismissing one of his vulnerabilities as a "DoS" (from http://www.security-express.com/archives/bugtraq/2006-07/...):
"I really wonder why in the recent past there is a tendency to declare
such things as "denial of service" etc - while they are perfect root
backdoors / vulns
*B000M* you are in one minut^K^K^Ke later...
Maybe this is just to hide the overall bad quality of the 2.6 kernel
code? *just guessing*
Anyway CVE-2006-2451 is trivially exploitable so I don't attach any
exploit code since it is obvious..."
I should also mention that since October 15, 2007, Paul Starzetz has been employed by Immunity, who specifically practices non-disclosure. So if you're patting yourselves on the back because he hasn't made public any more serious exploits in the kernel, it has nothing to do with the quality of the code.