Linux Kernel Security is Lacking

Linux Kernel Security is Lacking
Jason Miller, 2005-02-02

Recent events have shown that the way security in the Linux kernel is handled is broken, and it needs to be fixed right now.

Expand all | Post comment

Linux Kernel Security is Lacking 2005-02-02
Anonymous (1 replies)

Linux Kernel Security is Lacking 2005-02-04
Anonymous (5 replies)

Linux Kernel Security is Lacking 2005-02-05
Anonymous

Linux Kernel Security is Lacking 2005-02-06
Anonymous

"The numbers" and (deliberate?) failure to undestand what linux is 2005-02-07
RedHat not Linux User. (1 replies)

Re: The "numbers" and (deliberate?) failure to undestand what linux is 2005-02-07
Jason V. Miller (Author) (1 replies)

Vendors and kernel security 2005-02-09
Anonymous

Linux Kernel Security is Lacking 2005-02-11
Torian

Re: Linux Kernel Security is Lacking 2007-05-03
Anonymous

Linux Kernel Security is Lacking 2005-02-03
Anonymous (1 replies)

Linux Kernel Security is Lacking 2005-02-04
Jason V. Miller (Author)

Linux Kernel Security is Lacking 2005-02-03
Todd Knarr (1 replies)

Linux Kernel Security is Lacking 2005-02-04
Jason V. Miller (Author) (1 replies)

Linux Kernel Security is Lacking 2005-02-05
Todd Knarr (1 replies)

Linux Kernel Security is Lacking 2005-02-09
Joe Borsits (1 replies)

Linux Kernel Security is Lacking 2005-02-09
Todd Knarr (1 replies)

Linux Kernel Security is Lacking 2005-02-10
Joe Borsits

Linux Kernel Security is Lacking 2005-02-03
Anonymous (1 replies)

Linux Kernel Security is Lacking 2005-02-04
Jason V. Miller (Author) (1 replies)

Linux Kernel Security is Lacking 2005-02-05
RVGeerligs

Really? 2005-02-03
Anonymous

I eagerly await... 2005-02-03
Anonymous (5 replies)

I eagerly await... 2005-02-03
Anonymous

I eagerly await... 2005-02-03
Anonymous (2 replies)

I'm curious... what is the last kernel-level vulnerability discovered and patched for the current XP kernel? There were plenty of updates in SP2, but I don't recall if any of the recent vulnerabilities were kernel level.

The trick with the closed source development model is that we don't know what little vulns are waiting in the XP kernel. We simply don't have the same level of visibility which would result in groups like the grsecurity and PaX folks proactively finding vulns, reporting them to the vendor, and going for full disclosure. Meanwhile, the fact remains that the Linux kernel does not have a dedicated maintainer in charge of security. That was the thrust of the article. Comparing that to Windows, where a single vendor has end to end responsibility, is unfair at best.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/296/30334#30334

I eagerly await... 2005-02-04
Anonymous

I eagerly await... 2005-02-07
Anonymous

I eagerly await... 2005-02-04
Anonymous

I eagerly await... 2005-02-04
Anonymous (1 replies)

I eagerly await... 2005-02-09
Anonymous

Re: I eagerly await... 2005-02-04
Anonymous (1 replies)

Re: I eagerly await... 2005-02-04
Jason V. Miller

Computer Security is Oxymoron - FYI reading here: 2005-02-03
Anonymous (1 replies)

Computer Security is Oxymoron No Longer 2005-02-07
Kernel hacker

So, what now about kernel security? 2005-02-03
Anonymous (2 replies)

So, what now about kernel security? 2005-02-04
Jason V. Miller (Author) (2 replies)

So, what now about kernel security? 2005-02-05
Anonymous