Dailydave mailing list archives

Re: The security circus.


From: Peter Busser <peter () adamantix org>
Date: Tue, 19 Aug 2008 14:23:52 +0200

Hi!

It's because of Linus' recent statement:
http://kerneltrap.org/Linux/Security_Bugs_and_Full_Disclosure

This means that vendors that don't carefully watch upstream will miss
a security issue and have their repositories owned and backdoor'd,
which makes your Fedora system backdoor'd on the next install or
update.

Talking about backdoors in Linux... What if people submit code which is
intentionally backdoored? I wonder how resilient the Linux community is
against such things. The Linux kernel is getting bigger and bigger,
which might make it easier for people to hide malicious code.

Besides, Linus is making a fool of himself because he is ignorant about
what security is. A spectacular bug which crashes the system due to bad
locking is not just a normal bug. It affects the availability of the
system and should therefore be classified as a serious security bug. So
yes, he is accidentally right about these bugs being equally "glorious" to
privilege elevation bugs.

Why do people think that security is only about elevating privileges?

Groetjes,
Peter.