Dailydave mailing list archives
Re: The security circus.
From: Peter Busser <peter () adamantix org>
Date: Tue, 19 Aug 2008 14:23:52 +0200
Hi!
It's because of Linus' recent statement: http://kerneltrap.org/Linux/Security_Bugs_and_Full_Disclosure This means that vendors that don't carefully watch upstream will miss a security issue and have their repositories owned and backdoor'd, which makes your fedora system backdoor'd on the next install or update.
Talking about backdoors in Linux... What if people submit code which is intentionally backdoored? I wonder how resilient the Linux community is against such things. The Linux kernel is getting bigger and bigger, which might make it easier for people to hide malicious code.

Besides, Linus is making a fool of himself because he is ignorant about what security is. A spectacular bug which crashes the system due to bad locking is not just a normal bug. It affects the availability of the system and should therefore be classified as a serious security bug. So yes, he is accidentally right about these bugs being equally "glorious" to privilege elevation bugs.

Why do people think that security is only about elevating privileges?

Greetings,
Peter.