[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Maintaining kernel source in sarge

On Sat, May 24, 2003 at 02:34:17PM -0400, Matt Zimmerman wrote:
> What benefit is there in not announcing these problems?  Security through
> obscurity?  How can we inform our users of their exposure when we are not
> informed ourselves about security problems?

Noise.  You can's accnounce every possibly security-related fix found
by an audit - note that it's not clear whether it actually _is_
security-relevant at this point and certainly no one wrote an exploit
for it.

> It is infortunate if this must sometimes happen, but hopefully it is an
> exception, and in those cases we will need to rebuild modules and provide
> for both kernel images to be installed at once.

It's not an exception.  Fixes can and will change the ABI all the time.
You should not expect to be able to load a binary kernel module into
_any_ other one than the one it was compiled against.  Sometimes
security fixes may even break the source API.  (remember the dcache
issues in 2.2.<early>?).

Reply to: