2005-02-02
Recent events have shown that the way security in the Linux kernel is handled is broken, and it needs to be fixed right now.
Linux Kernel Security is Lacking
2005-02-02
Anonymous (1 replies)
Linux Kernel Security is Lacking
2005-02-04
Anonymous (5 replies)
"The numbers" and (deliberate?) failure to understand what linux is
2005-02-07
RedHat not Linux User. (1 replies)
Re: The "numbers" and (deliberate?) failure to understand what linux is
2005-02-07
Jason V. Miller (Author) (1 replies)
Linux Kernel Security is Lacking
2005-02-03
Todd Knarr (1 replies)
Linux Kernel Security is Lacking
2005-02-04
Jason V. Miller (Author) (1 replies)
Linux Kernel Security is Lacking
2005-02-05
Todd Knarr (1 replies)
Linux Kernel Security is Lacking
2005-02-09
Joe Borsits (1 replies)
Linux Kernel Security is Lacking
2005-02-03
Anonymous (1 replies)
I eagerly await...
2005-02-03
Anonymous (5 replies)
flamer ! is not having a hidden mailing = we don't care about security
2005-02-04
Alban Browaeys (1 replies)
flamer ! is not having a hidden mailing = we don't care about security
2005-02-04
Jason V. Miller (Author)

First of all, this article fails to note a couple things about Spengler's original advisory. It does not mention that Spengler's idea of "vendor notification" was to send an e-mail directly to Linus Torvalds, rather than to the LKML or the relevant maintainer of that section of the kernel (and as a different poster mentioned, it doesn't take much effort to track down who maintains a particular area of the kernel). How many e-mails a day does Linus get, I wonder? It also does not mention that the advisory doubled as an advertisement/release announcement for Spengler's new security product - as such, one could surmise that Spengler had more of a need for publicity and less of a need to actually report a vulnerability through the existing channels.
Second comment is that this article has a terribly misleading title. The real focus of the article is the lack of a central Linux kernel security contact, so how exactly does this end up getting translated to "Linux Kernel Security is Lacking?"