oss-sec mailing list archives
Re: CVE request - Linux kernel: VFAT slab-based buffer overflow
From: Henri Salo <henri () nerv fi>
Date: Tue, 26 Feb 2013 22:42:41 +0200
On Tue, Feb 26, 2013 at 01:31:59PM -0700, Kurt Seifried wrote:
I suspect part of the problem is scale. Most people don't understand the scale at which the Linux Kernel and vendors handle bug fixes and code changes. External people simply see a few poorly handled security related issues and probably think "well how hard can it be to properly a few extra security flaws?" but they don't see that those 5 security issues were buried in 10,000 other code fixes. The resources needed to audit every code change for a security impact simply aren't available (and even if we had enough talented people who exactly is going to pay them all?).
Why should they be paid? I'd say problem is that there isn't lots of people who understand aspects needed to notice a security vulnerability in Linux kernel and it's even more difficult to fix it without breaking something else. Money is not the only thing getting stuff done. -- Henri Salo
Current thread:
- CVE request - Linux kernel: VFAT slab-based buffer overflow Joshua J. Drake (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Henri Salo (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Michael Gilbert (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Petr Matousek (Feb 26)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Solar Designer (Feb 27)
- Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 26)