lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 07 Mar 2008 09:00:04 +0100
From:	Andreas Jaeger <aj@...e.de>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Robert Dewar <dewar@...core.com>, "H.J. Lu" <hjl.tools@...il.com>,
	Jakub Jelinek <jakub@...hat.com>,
	NightStrike <nightstrike@...il.com>,
	Olivier Galibert <galibert@...ox.com>,
	Chris Lattner <clattner@...le.com>,
	Michael Matz <matz@...e.de>,
	Richard Guenther <richard.guenther@...il.com>,
	Joe Buck <Joe.Buck@...opsys.com>, Jan Hubicka <hubicka@....cz>,
	Aurelien Jarno <aurelien@...el32.net>,
	linux-kernel@...r.kernel.org, gcc@....gnu.org
Subject: Re: RELEASE BLOCKER: Linux doesn't follow x86/x86-64 ABI wrt direction  flag

"H. Peter Anvin" <hpa@...or.com> writes:

> Robert Dewar wrote:
>> H.J. Lu wrote:
>>
>>> So that is the bug in the Linux kernel. Since fixing kernel is much
>>> easier
>>> than providing a workaround in compilers, I think kernel should be fixed
>>> and no need for icc/gcc fix.
>>
>> Fixing a bug in the Linux kernel is not "much easier". You are taking
>> a purely engineering viewpoint, but life is not like that. There are
>> lots of copies of Linux kernels around and in use. The issue is not
>> fixing the kernel per se, it is propagating that change to all
>> Linux kernels in use -- THAT'S another matter entirely, and is
>> far far more difficult than making sure that a kernel fix is
>> qualified and widely proopagated.
>>
>
> Not really, it's just a matter of time.  Typical distro cycles are on
> the order of 3 years.

But distros release fixes regularly for their kernels - and adding a fix
for this issue with their next security update is something that is
possible for distros (at least for openSUSE ;-),

Andreas
-- 
 Andreas Jaeger, Director Platform / openSUSE, aj@...e.de
  SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
   Maxfeldstr. 5, 90409 Nürnberg, Germany
    GPG fingerprint = 93A3 365E CE47 B889 DF7F  FED1 389A 563C C272 A126

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ