| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 25 May 2007 10:19:52 -0700 (PDT) From: Linus Torvalds <torvalds@...ux-foundation.org> To: Alan Cox <alan@...rguk.ukuu.org.uk> cc: Chris Newport <crn@...unix.com>, Ingo Molnar <mingo@...e.hu>, Christoph Lameter <clameter@....com>, Michal Piotrowski <michal.k.k.piotrowski@...il.com>, Andrew Morton <akpm@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org>, "Cherwin R. Nooitmeer" <cherwin@...il.com>, linux-pcmcia@...ts.infradead.org, Robert de Rooy <robert.de.rooy@...il.com>, Alan Cox <alan@...hat.com>, Tejun Heo <htejun@...il.com>, sparclinux@...r.kernel.org, David Miller <davem@...emloft.net>, Mikael Pettersson <mikpe@...uu.se>, linux1394-devel@...ts.sourceforge.net, Stefan Richter <stefanr@...6.in-berlin.de>, Kristian H?gsberg <krh@...planet.net>, linux-pm@...ts.linux-foundation.org, "Rafael J. Wysocki" <rjw@...k.pl>, Pavel Machek <pavel@....cz>, Marcus Better <marcus@...ter.se>, Andrey Borzenkov <arvidjaar@...l.ru>, linux-usb-devel@...ts.sourceforge.net, Greg Kroah-Hartman <gregkh@...e.de> Subject: Re: [2/3] 2.6.22-rc2: known regressions v2 On Fri, 25 May 2007, Alan Cox wrote: > > There is an additional factor - dumps contain data which variously is - > copyright third parties, protected by privacy laws, just personally > private, security sensitive (eg browser history) and so on. Yes. I'm sure we've had one or two crashdumps over the years that have actually clarified a bug. But I seriously doubt it is more than a handful. > Diskdump (and even more so netdump) are useful in the hands of a > developer crashing their own box just like kgdb, but not in the the > normal and rational end user response of "its broken, hit reset" Amen, brother. Even for developers, I suspect a _lot_ of people end up doing "ok, let's bisect this" or some other method to narrow it down to a specific case, and then staring at the source code once they get to that point. At least I hope so. Even in user space, you should generally use gdb to get a traceback and perhaps variable information, and then go look at the source code. Yes, dumps can (in theory) be useful for one-off issues, but I doubt many people have ever been able to get anything much more out of them than from a kernel "oops" message. For developers, I can heartily recommend the firewire-based remote debug facilities that the PowerPC people use. I've used it once or twice, and it is fairly simple and much better than a full dump (adn it works even when the CPU is totally locked up, which is the best reason for using it). But 99% of the time, the problem doesn't happen on a developer machine, and even if it does, 90% of the time you really just want the traceback and register info that you get out of an oops. Linus - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists