Full Disclosure mailing list archives
Re: Linux Kernel CIFS Vulnerability
From: Andreas Bogk <andreas () andreas org>
Date: Thu, 09 Apr 2009 16:52:40 +0200
Thierry Zoller wrote:
AB> Neither the Linux kernel team, the CIFS maintainers nor any of AB> the commercial Linux distributors bothered to send out an advisory. AB> I'm at loss for words other than "irresponsible, arrogant AB> assholes". Linux 2009 == Microsoft 2002. I second that, the reason is intersintg too; linus considers security bugs as nothing else than normal bugs.
I don't mind his policy of "just fixing the bug". But I do mind when the changelog doesn't clearly state "hey, we're fixing a security issue here".
The door closes slowly for Linux in enterprises.
So true, and so sad. I remember a time when using Linux was giving actual security benefits over using Windows. These times are over. And the security gap between MS and Open Source products will continue to widen. The only OS project I know about that seriously tried to improve fundamental architectural security issues was BitC and CoyotOS. BitC is a programming language designed to combine the speed of C with the soundness of strongly typed fundamental languages, thus preventing a lot of bug classes from the start, and enabling correctness proofs across the code. The project won't be finished, since the main author, Jonathan Shapiro, will soon hold a "fairly senior position" in the Midori project at MS. Andreas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Valdis' Mustache (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Raj Mathur (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Nick Boyce (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Eugene Teo (Apr 11)
- Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 13)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)