Re: Proper procedure for reporting possible security vulnerabilities?

From: linux-os
Date: Mon Jan 10 2005 - 19:10:02 EST



Are you sure it's an exploit? My information was that grsecurity
wanted some of their 'hooks' added to recent kernels and it hasn't
happened. That's not a security problem, that's an application
problem.

On Mon, 10 Jan 2005, Steve Bergman wrote:

Florian Weimer wrote:

Contact your vendor. You are using vendor kernels, are you? 8-)


Actually I am having a discussion with a Pax Team member about how the recent exploits discovered by the grsecurity guys should have been handled. They claim that they sent email to Linus and Andrew and did not receive a response for 3 weeks, and that is why they released exploit code into the wild.

Anyone here have any comments on what I should tell him?

Thanks,
Steve Bergman

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/


Cheers,
Dick Johnson
Penguin : Linux version 2.6.10 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.