From: Calum <caluml@gmail.com>
To: gentoo-security@lists.gentoo.org
Subject: Re: [gentoo-security] Kernel Security + KISS
Date: Sun, 17 Feb 2008 00:42:39 +0000 [thread overview]
Message-ID: <635498b70802161642n357cee00i87d3e7c3388ea3dc@mail.gmail.com> (raw)
In-Reply-To: <fb3727060802161457x30472ff2v970bd41902bc8de2@mail.gmail.com>
On Feb 16, 2008 10:57 PM, Casey Link <unnamedrambler@gmail.com> wrote:
> After reading the tangent topic in bug id 209460 concerning kernel
> vulnerabilities and GLSAs I did some searching and
> came across the "Kernels and GLSAs" thread from awhile ago.
And here's another one:
http://archives.gentoo.org/gentoo-security/msg_b4dcb17d4fef48ce663b9352870be6a8.xml
I started this one, and share the same views as then.
It might be boring work, (and no, I can't do it - I'm just a user of
Gentoo), but it's just strange to leave out the core on which all
other packages utilise, and depend on.
Perhaps a compromise could be reached: Only serious vulnerabilities,
in defaultly/commonly/always used parts of the kernel, causing local,
or remote root escalations would be notified?
Ddos in raid-xyz.o on MIPS only in 2.6.16-rc2-mm-test - doesn't matter.
local root in splice.c on x86/amd64 affecting 95% of kernel users - does matter.
In fact, I'd prefer that to the old
create-a-GLSA-for-every-kernel-problem solution.
Anyway, it's late, and I'm tired, and I'm not detracting from the
great job the security team do (and especially the Hardened guys), but
it's nice to have just a one-stop-shop to know if you're running
secure versions of things. (*Yes, having sources-x.y.z installed
doesn't mean that you're running it, but at least it'll force you to
install the sources to stop glsa-check from bitchin' :) - and then,
well, if you don't compile, build, and run it, well, that's your own
fault. )
C
--
http://linuxvps.org/
--
gentoo-security@lists.gentoo.org mailing list
next prev parent reply other threads:[~2008-02-17 0:43 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-16 22:57 [gentoo-security] Kernel Security + KISS Casey Link
2008-02-17 0:42 ` Calum [this message]
2008-02-17 17:46 ` Sune Kloppenborg Jeppesen
2008-02-17 21:43 ` Eduardo Tongson
2008-02-18 4:12 ` Robert Buchholz
2008-02-20 18:59 ` Harlan Lieberman-Berg
2008-02-20 19:28 ` C. Bergström
2008-02-20 22:55 ` Ned Ludd
2008-02-21 3:16 ` Eduardo Tongson
2008-02-21 6:05 ` Casey Link
2008-02-21 6:20 ` Juan Pablo Olivera
2008-02-21 7:02 ` Arthur Bispo de Castro
2008-02-21 9:14 ` nick loeve
2008-02-21 9:34 ` George Prowse
2008-02-21 13:09 ` Robert Joslyn
2008-02-21 13:35 ` Casey Link
2008-02-21 13:52 ` Eduardo Tongson
2008-02-21 16:22 ` George Prowse
2008-02-21 19:28 ` doppelgaenger
2008-02-22 2:26 ` Eduardo Tongson
2008-02-22 3:55 ` Casey Link
2008-02-23 0:48 ` Marc Riemer
2008-02-24 13:43 ` Sune Kloppenborg Jeppesen
2008-02-21 9:30 ` Marcin Dylewski
2008-02-21 9:54 ` Peter Hjalmarsson
2008-02-21 12:35 ` Eduardo Tongson
2008-02-21 13:32 ` Sune Kloppenborg Jeppesen
2008-02-25 18:10 ` Simon Zehntner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=635498b70802161642n357cee00i87d3e7c3388ea3dc@mail.gmail.com \
--to=caluml@gmail.com \
--cc=gentoo-security@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox