| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101122203155.27534f3b@nehalam> Date: Mon, 22 Nov 2010 20:31:55 -0800 From: Stephen Hemminger <shemminger@...tta.com> To: Ben Hutchings <ben@...adent.org.uk> Cc: Andrew Hendry <andrew.hendry@...il.com>, David Miller <davem@...emloft.net>, Greg Kroah-Hartman <gregkh@...e.de>, netdev <netdev@...r.kernel.org>, devel@...verdev.osuosl.org, Debian kernel maintainers <debian-kernel@...ts.debian.org>, linux-x25@...r.kernel.org Subject: Re: [PATCH 3/3] x25: Move to staging On Tue, 23 Nov 2010 03:55:28 +0000 Ben Hutchings <ben@...adent.org.uk> wrote: > Recent review has revealed several bugs in obscure protocol > implementations that can be exploited by local users for denial of > service or privilege escalation. > > The x25 protocol (PF_X25) receives only 'odd fixes'. There appear to > be no published applications for it, and it has never progressed > beyond 'experimental' status. > > This protocol generally should not be enabled by distributions, since > the cost of a security flaw affecting all installed systems presumably > outweighs the benefit to the few (if any) legitimate users. > > Signed-off-by: Ben Hutchings <ben@...adent.org.uk> > --- > I'm somewhat less sure about this one; maybe it's improving? But there > is little enough sign of any usefulness after 10 years. > > There are several X25 dependencies that presumably should be moved too. No. If you don't like it then don't enable it. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists