From: Florian Weimer <fw@deneb.enyo.de>
To: linux-kernel@vger.kernel.org
Subject: Re: Release of 2.4.21
Date: Thu, 20 Mar 2003 22:48:13 +0100 [thread overview]
Message-ID: <87of45emle.fsf@deneb.enyo.de> (raw)
In-Reply-To: <20030320211011$5967@gated-at.bofh.it> (Jeff Garzik's message of "Thu, 20 Mar 2003 22:10:11 +0100")
Jeff Garzik <jgarzik@pobox.com> writes:
> On Thu, Mar 20, 2003 at 09:43:01PM +0100, Florian Weimer wrote:
>> Releasing an official 2.4.21 with some fixes (and no new features) is
>> just a PR issue. I've already seen people comparing the alleged IIS
>> bug (or this new IE hole) and the ptrace() bug...
>
> Comparing, how? There is no comparison.
You know it, I know it, our readers know it. But the press puts them
on the same level nevertheless.
> This specific ptrace hole is closed, yay. Now what about the other
> 10,001 that still exist? People are blowing this ptrace bug WAY
> out of proportion.
I agree completely. Local security on traditional UNIX-like systems
is *so* poor that this bug doesn't really matter. No admin of a sane
mind lets untrusted users access important systems.
> The only reason why it demands a modicum of vendor responsibility is
> that a-holes are making easy-to-use exploits available for the
> script kiddies.
No, you miss a point. These exploits are important to keep you kernel
developers honest. Otherwise, you would have fixed this quitely, like
a couple of other bugs. Admins would assume that kernels offered a
decent level of local security, which can lead to very questionable
decisions.
next parent reply other threads:[~2003-03-20 21:37 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20030320205011$1378@gated-at.bofh.it>
[not found] ` <20030320205011$0acb@gated-at.bofh.it>
[not found] ` <20030320205011$2c88@gated-at.bofh.it>
[not found] ` <20030320211011$5967@gated-at.bofh.it>
2003-03-20 21:48 ` Florian Weimer [this message]
2003-03-20 21:17 Release of 2.4.21 Dow, Benjamin
2003-03-21 0:57 ` Alan Cox
[not found] <20030320200019$6ddc@gated-at.bofh.it>
[not found] ` <20030320203015$4839@gated-at.bofh.it>
2003-03-20 20:43 ` Florian Weimer
2003-03-20 21:03 ` Jeff Garzik
2003-03-20 21:33 ` H. Peter Anvin
2003-03-20 22:08 ` Sebastian D.B. Krause
2003-03-21 11:06 ` Oliver Feiler
2003-03-20 22:18 ` Arador
2003-03-21 1:20 ` Chris Wright
-- strict thread matches above, loose matches on Subject: below --
2003-03-20 19:56 Adrian Knoth
2003-03-20 20:21 ` Sebastian D.B. Krause
2003-03-20 20:34 ` Jeff Garzik
2003-03-20 20:42 ` Christoph Hellwig
2003-03-20 20:53 ` Jeff Garzik
2003-03-20 21:05 ` David Lang
2003-03-21 1:55 ` Andrew Morton
2003-03-21 0:13 ` John Bradford
2003-03-21 1:30 ` Samuel Flory
2003-03-21 9:33 ` John Bradford
2003-03-21 8:40 ` Bernd Petrovitsch
2003-03-21 9:23 ` John Bradford
2003-03-21 21:53 ` Daniel Egger
2003-03-22 8:27 ` John Bradford
2003-03-22 14:54 ` Daniel Egger
2003-03-21 1:01 ` Alan Cox
2003-03-21 0:04 ` David Lang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87of45emle.fsf@deneb.enyo.de \
--to=fw@deneb.enyo.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox