Kernel.org's road to recovery

Posted Oct 9, 2011 17:01 UTC (Sun) by jrn (subscriber, #64214)
In reply to: Kernel.org's road to recovery by PaXTeam
Parent article: Kernel.org's road to recovery

> for extra bones, explain the security risk of commit 976d167615b64e14bc1491ca51d424e2ba9a5e84

That commit does not have much risk of causing a regression, so the threshold for justifying it on security grounds does not have to be very high. So let's see:

I would say that the security impact in the context of a 3.1-rc9 kernel is positive, since it documents (through the output of commands such as "uname -a") that the kernel follows a certain well-documented set of behaviors and sysadmins can act accordingly. On the other hand, backporting that patch to a 3.0.y stable kernel would have severe negative security impact, because it would create a false impression that bugs affecting v3.0 and not affecting v3.1-rc9 have been fixed. Even looking at this from the point of view of security alone, I am glad that commit was not tagged with "Cc: stable".

Hope that helps.

