From: Greg KH <greg@kroah.com>
To: Willy Tarreau <w@1wt.eu>
Cc: leon@kernel.org, security@kernel.org,
Jonathan Corbet <corbet@lwn.net>,
skhan@linuxfoundation.org, workflows@vger.kernel.org,
linux-doc@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 2/3] Documentation: security-bugs: explain what is and is not a security bug
Date: Mon, 27 Apr 2026 07:48:23 -0600 [thread overview]
Message-ID: <2026042753-ozone-jigsaw-4ad5@gregkh> (raw)
In-Reply-To: <20260426163914.19449-3-w@1wt.eu>
On Sun, Apr 26, 2026 at 06:39:13PM +0200, Willy Tarreau wrote:
> +In the Linux kernel's threat model, an issue is **not** a security bug, and
> +should not be reported to the security list, when triggering it requires the
> +reporter to first undermine the system they are attacking. This includes, but
> +is not limited to, behavior that only manifests after the administrator has
> +explicitly enabled it (loading a module, setting a sysctl, writing to a debugfs
> +knob, or otherwise using an interface documented as privileged or unsafe); bugs
> +reachable only through root or CAP_SYS_ADMIN or CAP_NET_ADMIN on a machine the
> +actor already fully controls, with no further privilege boundary being crossed;
> +prediction of random numbers that only works in a totally silent environment
> +(such as IP ID, TCP ports or sequence numbers that can only be guessed in a
> +lab), issues that appear only in debug, lockdep, KASAN, fault-injection,
> +CONFIG_NOMMU, or other developer-oriented kernel builds that are not intended
> +for production use; problems seen only under development simulators, emulators,
> +or fuzzing harnesses that present hardware or input states which cannot occur
> +on real systems; bugs that require modified or emulated hardware; missing
> +hardening or defence-in-depth suggestions with no demonstrable exploit path
> +(including local ASLR bypass); mounting file systems that would be fixed or
> +rejected by fsck; and bugs in out-of-tree modules or vendor forks, which should
> +be reported to the relevant vendor. Functional and performance regressions,
> +and disagreements with documented kernel policy (for example, "root can load
> +modules"), are likewise ordinary bugs or feature requests rather than security
> +issues, and should be reported via the usual channels.
This is a great list to start with, but perhaps we should put it in list
form so that it's easier to read?
Also, I can see this turning into a separate document eventually as
different subsystems should have a chance to weigh in on what they
consider the threat model to be (like what the IB subsystem does which I
don't think you listed above, or the USB subsystem.)
thanks,
greg k-h
next prev parent reply other threads:[~2026-04-27 13:49 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-26 16:39 [PATCH 0/3] Documentation: security-bugs: new updates covering triage and AI Willy Tarreau
2026-04-26 16:39 ` [PATCH 1/3] Documentation: security-bugs: do not systematically Cc the security team Willy Tarreau
2026-04-27 13:49 ` Greg KH
2026-04-27 15:24 ` Willy Tarreau
2026-04-27 15:33 ` Greg KH
2026-04-27 16:09 ` Willy Tarreau
2026-04-26 16:39 ` [PATCH 2/3] Documentation: security-bugs: explain what is and is not a security bug Willy Tarreau
2026-04-26 19:33 ` Randy Dunlap
2026-04-27 13:48 ` Greg KH [this message]
2026-04-27 15:27 ` Willy Tarreau
2026-04-27 15:35 ` Greg KH
2026-04-27 16:14 ` Willy Tarreau
2026-04-28 21:13 ` Greg KH
2026-04-29 3:09 ` Willy Tarreau
2026-04-29 6:10 ` Greg KH
2026-05-01 13:57 ` Willy Tarreau
2026-05-02 5:20 ` Demi Marie Obenour
2026-05-02 5:35 ` Willy Tarreau
2026-05-02 5:51 ` Demi Marie Obenour
2026-05-02 6:07 ` Willy Tarreau
2026-05-02 6:27 ` Demi Marie Obenour
2026-04-26 16:39 ` [PATCH 3/3] Documentation: security-bugs: clarify requirements for AI-assisted reports Willy Tarreau
2026-04-26 19:36 ` Randy Dunlap
2026-04-27 2:22 ` Willy Tarreau
2026-04-27 13:50 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2026042753-ozone-jigsaw-4ad5@gregkh \
--to=greg@kroah.com \
--cc=corbet@lwn.net \
--cc=leon@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=security@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=w@1wt.eu \
--cc=workflows@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.