Open Source and information security mailing list archives
 
Message-ID: <20080716162949.GA7480@kroah.com>
Date:	Wed, 16 Jul 2008 09:29:49 -0700
From:	Greg KH <greg@...ah.com>
To:	pageexec@...email.hu
Cc:	Tiago Assumpcao <tiago@...umpcao.org>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, stable@...nel.org
Subject: Re: [stable] Linux 2.6.25.10

On Wed, Jul 16, 2008 at 05:43:15PM +0200, pageexec@...email.hu wrote:
> > Take a look at the words I used, if someone can't determine if they
> > should upgrade or not based on that,
> 
> your carefully chosen words are *wrong* in fact.

I do not think so, but you are free to disagree.

> exploiting local bugs has nothing to do with having untrusted users in
> the age of client side exploits. due to your completely
> mischaracterized description, individual home users may very well feel
> that they do not need to upgrade, to the delight of the next malware
> owning their browser. you can congratulate yourself Greg, you
> successfully misled a whole class of users.

No, I do not believe this is true, for this bug, sorry.  If you
disagree, please feel free to post such an exploit.  Such a problem
would be a browser issue, and totally out of scope for a kernel issue.

> > then they need to rely on a company
> > to provide updates for them, and not be running their own kernels
> > because they really have no clue about system management.
> 
> you conveniently failed to respond to the rest of my mail where i showed
> that Chris Wright, heck, even yourself did announce security fixes as such
> in the past. how do you explain that?

I am human and as such, word things differently at times.  Based on crap
like this thread, and from discussions with Linus and others, trying to
classify such things as "security fixes" all the time isn't useful or
helpful.

Again, I still feel my original wording was sufficient.  If you disagree,
feel free to start releasing your own kernels with whatever wording you
like.  If people find them useful, perhaps they will use them instead of
the ones I do at times.

good luck,

greg k-h