Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Calum <caluml@...>
Subject: Re: Kernel Security + KISS
Date: Sun, 17 Feb 2008 00:42:39 +0000
On Feb 16, 2008 10:57 PM, Casey Link <unnamedrambler@...> wrote:
> After reading the tangent topic in bug id 209460 concerning kernel
> vulnerabilities and GLSAs I did some searching and
> came across the "Kernels and GLSAs" thread from awhile ago.

And here's another one:

http://archives.gentoo.org/gentoo-security/msg_b4dcb17d4fef48ce663b9352870be6a8.xml

I started this one, and share the same views as then.
It might be boring work, (and no, I can't do it - I'm just a user of
Gentoo), but it's just strange to leave out the core on which all
other packages utilise, and depend on.

Perhaps a compromise could be reached: Only serious vulnerabilities,
in defaultly/commonly/always used parts of the kernel, causing local,
or remote root escalations would be notified?

Ddos in raid-xyz.o on MIPS only in 2.6.16-rc2-mm-test - doesn't matter.
local root in splice.c on x86/amd64 affecting 95% of kernel users - does matter.

In fact, I'd prefer that to the old
create-a-GLSA-for-every-kernel-problem solution.

Anyway, it's late, and I'm tired, and I'm not detracting from the
great job the security team do (and especially the Hardened guys), but
it's nice to have just a one-stop-shop to know if you're running
secure versions of things. (*Yes, having sources-x.y.z installed
doesn't mean that you're running it, but at least it'll force you to
install the sources to stop glsa-check from bitchin' :) - and then,
well, if you don't compile, build, and run it, well, that's your own
fault. )

C

--
http://linuxvps.org/
-- 
gentoo-security@g.o mailing list


References:
Kernel Security + KISS
-- Casey Link
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Kernel Security + KISS
Next by thread:
Re: Kernel Security + KISS
Previous by date:
Kernel Security + KISS
Next by date:
Re: Encrypting a user home folder on a laptop


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.