public inbox for linux-kernel@vger.kernel.org
From: Florian Weimer <fw@deneb.enyo.de>
To: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: Ptrace hole / Linux 2.2.25
Date: Sun, 23 Mar 2003 22:46:57 +0100
Message-ID: <87of41ah7y.fsf@deneb.enyo.de>
In-Reply-To: <1048458288.10712.78.camel@irongate.swansea.linux.org.uk> (Alan Cox's message of "23 Mar 2003 22:24:49 +0000")

Alan Cox <alan@lxorguk.ukuu.org.uk> writes:

> On Sun, 2003-03-23 at 20:33, Florian Weimer wrote:
>> Well, this is a problem which will be fixed over time.  Amorphous
>> distributions such as Debian will no longer be notified first, and
>
> Why would anyone do that.

Read the IIS rationale for not contacting Apache.

For a different perspective, ask some folks who are involved in the
current IIS issue.  There are many reasons nowadays to restrict
information to non-citizens.

I'm not saying that this is reasonable, but there will always be
people unable to make a rational, informed decision, and if things get
irrational, those without the big pockets tend to lose.

Anyway, the current way security issues are handled will last a year,
maybe two.  I'm not sure in which direction it will evolve, either far
more anarchistic (unlikely), or completely regulated (very likely, I
smell a lot of money down that road).

> Debian is a bunch of amateurs true, but they happen to be a bunch of
> extremely professional amateurs when it comes to security.

I'm not in a position to judge this because the process is too closed.
But in general, they seem to do a good job, I agree.

> If you get it wrong stuff leaks, take a look at the latest CERT fiasco

I don't think things were different if the issues were revealed in a
coordinated manner in June or July.  You can't really fix it anyway
and my Kerberos guru tells me that the community has known for ages
that Kerberos 4 was broken at the protocol level.  Nobody was bothered
enough to write it down, though.

And CERT/CC deliberately leaks stuff to unrelated parties, you know.
This time, you just don't have to pay for it.
