lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87ziw14263.fsf@x220.int.ebiederm.org>
Date:	Tue, 19 Jan 2016 16:47:32 -0600
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Dan Carpenter <dan.carpenter@...cle.com>
Cc:	linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com
Subject: Re: [kernel-hardening] 2015 kernel CVEs

Dan Carpenter <dan.carpenter@...cle.com> writes:

> I like to look back over old CVEs to see how we could do better.  Here
> is the list from 2015.  I got most of this information from the Ubuntu
> CVE tracker.  Thanks Ubuntu!.  If it doesn't have a hash that means it
> might not be fixed yet.
>
> CVE-2015-8709 : ptrace: race in user namespaces let's users trace root processes

As this isn't a kernel bug, and is not a race, and no one has even
bothered to see if any userspace processes are this stupid I don't even
think that qualifies as a CVE.

There is room for improvement in this area but I don't see how this
qualifies as a CVE.

So for doing better I recommend a little more vetting and paying
attention before assigning CVEs.

Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ