Date: Wed, 16 Jul 2008 18:57:03 +0100
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: "Cheradenine Zakalwe" <sc.contact@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: The state of linux security
Message-ID: <20080716185703.4c223ed8@the-village.bc.nu>
In-Reply-To: <67b4e5f30807160905n224a7808tf346dd4d506edd25@mail.gmail.com>
References: <67b4e5f30807160905n224a7808tf346dd4d506edd25@mail.gmail.com>
Organization: Red Hat UK Cyf., Amberley Place, 107-111 Peascod Street,
 Windsor, Berkshire, SL4 1TE, Y Deyrnas Gyfunol. Cofrestrwyd yng Nghymru a
 Lloegr o'r rhif cofrestru 3798903
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1056
Lines: 23

> the relative security of linux and the likely hood that smart people
> are able to cause a bit of mindless vandalism or get up to much worse.

Distributions assign CVE numbers to kernel vulnerabilities. As
distributions like Fedora ship current kernels they provide a pretty
complete summary.

> One more thing I'd like to throw out there on the issue of
> accountability is this:  How do I know that some developers have not
> been paid to specifically introduce some obscure security flaw? 

Wrong question. Thats a very naïve basis for thinking about security. Why
should end users care whether a flaw was added deliberately or by
mistake. What matters is that the flaw is identified. A passive attacker
observing a flaw and using it is at least as dangerous if not more so
than an active attacker.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/