Dailydave mailing list archives
Re: Security people are leaches. [sic]
From: Aaron <apconole () yahoo com>
Date: Fri, 7 Aug 2009 10:41:09 -0700 (PDT)
> except we don't live in a black and white world. 'security bug' or heck, just 'bug' is not a binary property, there're many shades of grey in what exactly the bug accomplishes. it's clearly not enough to state that 'this commit fixes something but i did not want to bother to understand what', users of said commits need more information than that. fortunately not all developers share linus' mindset although their efforts are sometimes in vain when what he commits intentionally omits security relevant information.
Excuse me, but no one commits fixes without understanding what they've fixed. If someone fixes a segfault/oops they might not have done the investigation to determine whether or not something is theoretically or practically usable for something nefarious, but they understand that there was a null pointer dereference, or an invalid lock condition and they removed that problem. The 'shades of grey' only exist to security people. To no one else is it important that a bug disclose information, allow invalid root access, or escalate privileges. So the point still stands, why burden the average kernel developer/debugger to do security research work for the security researcher?