Return-Path: <linux-kernel-owner+willy=40w.ods.org-S262744AbVAJWSR@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S262744AbVAJWSR (ORCPT <rfc822;willy@w.ods.org>);
	Mon, 10 Jan 2005 17:18:17 -0500
Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262737AbVAJWNp
	(ORCPT <rfc822;linux-kernel-outgoing>);
	Mon, 10 Jan 2005 17:13:45 -0500
Received: from alog0183.analogic.com ([208.224.220.198]:7296 "EHLO
	chaos.analogic.com") by vger.kernel.org with ESMTP id S262725AbVAJWJg
	(ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 10 Jan 2005 17:09:36 -0500
Date: Mon, 10 Jan 2005 17:09:18 -0500 (EST)
From: linux-os <linux-os@chaos.analogic.com>
Reply-To: linux-os@analogic.com
To: Steve Bergman <steve@rueb.com>
cc: Linux kernel <linux-kernel@vger.kernel.org>
Subject: Re: Proper procedure for reporting possible security vulnerabilities?
In-Reply-To: <41E2F6B3.9060008@rueb.com>
Message-ID: <Pine.LNX.4.61.0501101707220.14001@chaos.analogic.com>
References: <41E2B181.3060009@rueb.com> <87d5wdhsxo.fsf@deneb.enyo.de>
 <41E2F6B3.9060008@rueb.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1468
Lines: 40


Are you sure it's an exploit? My information was that grsecurity
wanted some of their 'hooks' added to recent kernels and it hasn't
happened. That's not a security problem, that's an application
problem.

On Mon, 10 Jan 2005, Steve Bergman wrote:

> Florian Weimer wrote:
>
>> Contact your vendor.  You are using vendor kernels, are you? 8-)
>> 
>
> Actually I am having a discussion with a Pax Team member about how the recent 
> exploits discovered by the grsecurity guys should have been handled.  They 
> clam that they sent email to Linus and Andrew and did not receive a response 
> for 3 weeks, and that is why they released exploit code into the wild.
>
> Anyone here have any comments on what I should tell him?
>
> Thanks,
> Steve Bergman
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>

Cheers,
Dick Johnson
Penguin : Linux version 2.6.10 on an i686 machine (5537.79 BogoMips).
  Notice : All mail here is now cached for review by Dictator Bush.
                  98.36% of all statistics are fiction.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/