Message-ID: <49DE0BB8.5070909@andreas.org>
Date: Thu, 09 Apr 2009 16:52:40 +0200
From: Andreas Bogk <andreas@...reas.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Linux Kernel CIFS Vulnerability
Thierry Zoller wrote:
> AB> Neither the Linux kernel team, the CIFS maintainers nor any of
> AB> the commercial Linux distributors bothered to send out an advisory.
> AB> I'm at a loss for words other than "irresponsible, arrogant
> AB> assholes". Linux 2009 == Microsoft 2002.
> I second that, the reason is interesting too; Linus considers security
> bugs as nothing else than normal bugs.
I don't mind his policy of "just fixing the bug". But I do mind when
the changelog doesn't clearly state "hey, we're fixing a security issue
here".
> The door closes slowly
> for Linux in enterprises.
>
So true, and so sad. I remember a time when using Linux was giving
actual security benefits over using Windows. These times are over.
And the security gap between MS and Open Source products will continue
to widen. The only OS project I know about that seriously tried to
improve fundamental architectural security issues was BitC and Coyotos.
BitC is a programming language designed to combine the speed of C with
the soundness of strongly typed fundamental languages, thus preventing a
lot of bug classes from the start, and enabling correctness proofs
across the code. The project won't be finished, since the main author,
Jonathan Shapiro, will soon hold a "fairly senior position" in the
Midori project at MS.
Andreas
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/