lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <MDEHLPKNGKAHNMBLJOLKOEJCOEAC.davids@webmaster.com>
Date:	Fri, 18 Jul 2008 17:47:45 -0700
From:	"David Schwartz" <davids@...master.com>
To:	"Greg KH" <greg@...ah.com>
Cc:	<linux-kernel@...r.kernel.org>, <stable@...nel.org>
Subject: RE: [stable] Linux 2.6.25.10


Greg KH wrote:

> Personally, I omit posting full "and here is explicitly how to exploit
> this problem" notices as that is foolish.

That means only people with the time, energy, and expertise to create an
exploit will have an exploit. This includes probably 90% of the people who
would use the exploit maliciously and 100% of the people who pose a real
thread to the community. It does, however, ensure that the majority of
ordinary users won't be able to test their systems to see if they're
vulnerable or if the vulnerability is fixed. So at least it will have some
effect.

DS


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ