From: Valerie Henson <val_henson@linux.intel.com>
To: Martin Bligh <mbligh@google.com>
Cc: Paulo Marques <pmarques@grupopie.com>,
Andrew Morton <akpm@osdl.org>,
"Randy.Dunlap" <rdunlap@xenotime.net>,
ak@suse.de, linux-kernel@vger.kernel.org
Subject: Re: checklist (Re: 2.6.17-rc2-mm1)
Date: Mon, 1 May 2006 16:11:26 -0700 [thread overview]
Message-ID: <20060501231126.GH32385@goober> (raw)
In-Reply-To: <44567F09.9080902@google.com>
On Mon, May 01, 2006 at 02:35:05PM -0700, Martin Bligh wrote:
> Valerie Henson wrote:
> >
> >Honestly, the security nightmare begins with the compile. A patch to
> >the build system can result in arbitrarily insecure commands being run
> >during the compile - way easier than doing something that affects the
> >compiled kernel. A machine doing automatic compiles of untrusted
> >patches should be viewed as completely sacrificial from the beginning.
>
> True - good point ... but it's easier to chroot jail. And I'm lazy ;-)
> If anyone wants to make autotest (http://test.kernel.org/autotest)
> support some sort of virtual boot via creating a UML instance or
> something, that'd be great. But I won't hold my breath ;-)
I think you should do this, security issues be darned. Just wanted to
point out where the real concern was. And thanks in advance!
-VAL
next prev parent reply other threads:[~2006-05-01 23:12 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-27 8:41 2.6.17-rc2-mm1 Andrew Morton
2006-04-27 10:16 ` 2.6.17-rc2-mm1 Andi Kleen
2006-04-27 19:19 ` 2.6.17-rc2-mm1 Andrew Morton
2006-04-27 19:26 ` 2.6.17-rc2-mm1 Andi Kleen
2006-04-27 19:44 ` checklist (Re: 2.6.17-rc2-mm1) Randy.Dunlap
2006-04-27 20:11 ` Andrew Morton
2006-04-27 20:17 ` Randy.Dunlap
2006-04-27 20:36 ` Martin Bligh
2006-04-27 19:56 ` Andi Kleen
2006-04-27 21:00 ` Martin Bligh
2006-04-27 20:11 ` Andi Kleen
2006-04-27 21:22 ` Martin Bligh
2006-04-28 17:30 ` Rafał J. Wysocki
2006-04-27 21:00 ` Christoph Hellwig
2006-04-28 14:03 ` Paulo Marques
2006-04-28 15:22 ` Jan Engelhardt
2006-05-01 21:20 ` Valerie Henson
2006-05-01 21:35 ` Martin Bligh
2006-05-01 23:11 ` Valerie Henson [this message]
2006-04-27 20:52 ` Jan Dittmer
2006-04-27 21:01 ` Randy.Dunlap
2006-04-27 21:41 ` 2.6.17-rc2-mm1 Grant Coady
2006-04-27 21:50 ` 2.6.17-rc2-mm1 Randy.Dunlap
2006-04-27 22:16 ` 2.6.17-rc2-mm1 Andrew Morton
2006-04-27 10:27 ` 2.6.17-rc2-mm1 Michal Piotrowski
2006-04-27 13:07 ` 2.6.17-rc2-mm1 Michal Piotrowski
2006-04-27 15:28 ` 2.6.17-rc2-mm1 Greg KH
2006-04-27 15:32 ` 2.6.17-rc2-mm1 Michal Piotrowski
2006-04-27 20:53 ` 2.6.17-rc2-mm1 Greg KH
2006-04-27 22:09 ` 2.6.17-rc2-mm1 Michal Piotrowski
2006-04-27 15:26 ` 2.6.17-rc2-mm1 Greg KH
2006-04-27 15:43 ` 2.6.17-rc2-mm1 Michal Piotrowski
2006-04-27 15:01 ` 2.6.17-rc2-mm1: ACPI_DOCK=n, HOTPLUG_PCI_ACPI=y compile error Adrian Bunk
2006-04-27 15:47 ` 2.6.17-rc2-mm1 Matthieu CASTET
2006-04-27 18:02 ` 2.6.17-rc2-mm1 Vivek Goyal
2006-04-27 23:24 ` 2.6.17-rc2-mm1 Greg KH
2006-04-28 14:40 ` 2.6.17-rc2-mm1 Vivek Goyal
2006-04-28 16:07 ` 2.6.17-rc2-mm1 matthieu castet
2006-04-28 18:05 ` 2.6.17-rc2-mm1 Vivek Goyal
2006-04-27 17:57 ` [-mm patch] fix VIDEO_DEV=m, VIDEO_V4L1_COMPAT=y Adrian Bunk
2006-04-27 18:17 ` Andrew Morton
2006-04-27 20:15 ` Mauro Carvalho Chehab
2006-04-27 18:00 ` [-mm patch] fs/nfs/inode.c: make nfs_follow_referral() Adrian Bunk
2006-04-27 18:03 ` [-mm patch] mm/vmscan.c: make shrink_all_zones() static Adrian Bunk
2006-04-27 18:52 ` Rafael J. Wysocki
2006-04-27 20:33 ` [-mm patch] fs/gfs2/: possible cleanups Adrian Bunk
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060501231126.GH32385@goober \
--to=val_henson@linux.intel.com \
--cc=ak@suse.de \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mbligh@google.com \
--cc=pmarques@grupopie.com \
--cc=rdunlap@xenotime.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox