From: Florian Weimer <fw@deneb.enyo.de>
To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Ptrace hole / Linux 2.2.25
Date: Sun, 23 Mar 2003 22:46:57 +0100
Message-ID: <87of41ah7y.fsf@deneb.enyo.de>
In-Reply-To: <1048458288.10712.78.camel@irongate.swansea.linux.org.uk> (Alan Cox's message of "23 Mar 2003 22:24:49 +0000")

Alan Cox <alan@lxorguk.ukuu.org.uk> writes:

> On Sun, 2003-03-23 at 20:33, Florian Weimer wrote:
>> Well, this is a problem which will be fixed over time.  Amorphous
>> distributions such as Debian will no longer be notified first, and
>
> Why would anyone do that.

Read the IIS rationale for not contacting Apache.

For a different perspective, ask some folks who are involved in the
current IIS issue.  There are many reasons nowadays to restrict
information to non-citizens.

I'm not saying that this is reasonable, but there will always be
people unable to make a rational, informed decision, and if things get
irrational, those without the big pockets tend to lose.

Anyway, the current way security issues are handled will last a year,
maybe two.  I'm not sure in which direction it will evolve, either far
more anarchistic (unlikely), or completely regulated (very likely, I
smell a lot of money down that road).

> Debian is a bunch of amateurs true, but they happen to be a bunch of
> extremely professional amateurs when it comes to security.

I'm not in a position to judge this because the process is too closed.
But in general, they seem to do a good job, I agree.

> If you get it wrong stuff leaks, take a look at the latest CERT fiasco

I don't think things were different if the issues were revealed in a
coordinated manner in June or July.  You can't really fix it anyway
and my Kerberos guru tells me that the community has known for ages
that Kerberos 4 was broken at the protocol level.  Nobody was bothered
enough to write it down, though.

And CERT/CC deliberately leaks stuff to unrelated parties, you know.
This time, you just don't have to pay for it.
