On Thu, 16 Apr 2009 23:50:54 -0600 dann frazier wrote:
> > > The support for dynamically loadable kernel modules in Linux can be
> > > abused similarly. Does that make it a "grave security issue"?
> >
> > probably...at least until someone comes up with a secure way to do it.
>
> Oh, come on.
>
> grave
>   makes the package in question unusable or mostly so, or causes
>   data loss, or introduces a security hole allowing access to the
>   accounts of users who use the package.
>
> Is the kernel really unusable/insecure because a root user can do
> something bad? Wouldn't that give every package a grave bug by
> definition?

maybe the definition needs to be rethought in the context of rootkits.
i think the kernel has to be considered more insecure under the
influence of a rootkit (since rootkits make it much harder to detect
that your system has been compromised).

> I certainly don't consider this issue invalid - and in fact, we have
> taken action to resolve it for the next release - but please don't
> blow it out of proportion.

i'm not trying to blow it out of proportion; just trying to make sure
that the issue gets the consideration that it deserves.