1. There is a contact list in the documentation directory for direct email. Use this IF you use the "bleeding edge" kernels. It is more likely a "bug", that has security associated with it.

2. If you get your kernel from a vendor, contact the vendor. RH has a contact list, as does - I believe - the other vendors. Many vendors modify the kernel with their own adaptations. Not all of the changes has made it back to the development kernel - in some cases, these mods are NOT compatable with other development and were not accepted.

3. When all else fails there has always been the Linux Kernel mailing list.

Right now, I believe the discussion was on setting up a common mailing list for security problems, but don't expect immediate fixes if the problem is in a vendor specific modification.

You only mention two security project - neither has been accepted into the kernel (mostly because they don't cooperate with the developers by producing bite sized changes).

There are several others:

SELinux - Security Enhanced Linux, by the NSA,
OWL
the LSM project - which is getting modularized security capability into the kernel.
RSBAC - a role based security project

and more.

The lack of review of projects implies that you are a bit unfamilar with the existing Linux security controls.

The developers have NEVER been lax in security support.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/296/30322#30322