Re: thoughts on kernel security issues
From: Andrew Morton
Date: Wed Jan 12 2005 - 21:32:33 EST
Linus Torvalds <torvalds@xxxxxxxx> wrote:
>
> Yes, I think delayed disclosure is broken. I think the whole notion of
> "vendor update available when disclosure happens" is nothing but vendor
> politics, and doesn't help _users_ one whit.
> ...
>
> So I think the whole vendor-sec thing is not helping users at all, it's
> purely a "vendor embarassment" thing.
That sounds a bit over-the-top to me, sorry.
AFAIUI, the vendor requirement is that they have time to have an upgraded
kernel package on their servers when the bug becomes public knowledge.
If correct and reasonable, then what is the best way in which we can
support them in this while promptly upgrading the kernel.org kernel?
Also:
I think we need to be more explicit in separating _types_ of security
problems. This recent controversy over the RLIM_MEMLOCK DoS is plain
silliness.
Look through the kernel changelogs for the past year - we've fixed a huge
number of "fix oops in foo" and "fix deadlock in bar" and "fix memory leak
in zot". All of these are of exactly the same severity as the rlimit bug,
and nobody cares, nobody is hurt.
The fuss over the rlimit problem occurred simply because some external
organisation chose to make a fuss over it.
IMO, local DoS holes are important mainly because buggy userspace
applications allow remote users to get in and exploit them, and for that
reason we of course need to fix them up. Even though such an attacker
could cripple the machine without exploiting such a hole.
For the above reasons I see no need to delay publication of local DoS holes
at all. The only thing for which we need to provide special processing is
privilege escalation bugs.
Or am I missing something?
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/