[dundee] Get patchin!

Mon Feb 11 05:47:28 GMT 2008

Jason, your debian system is quite safe, I can't actually log into it at the
moment with a valid user name and password, now that's security. ;-). Helpdesk
are on it, but it's the Spanish inquisition, 'what exactly do you want to
use ssh for, they say'...at this point I just gave up.

vmspice huh, classic example of 'lets add x,y,z feature' to the mainline
kernel. I'm sure it was not intentional, the more features you add,
the more chance that stuff like this will slip through. 

more features = more lines of code = more potential security problems.

simple!

Personally I'd like the linux kernel to be shrinking (excluding drivers) ,
to where it's the bare essentials. Minimalism is the way forward. Maybe
it's time to look at bsd, or try to pretend that the gnu/hurd will actually
be finished one day! I wish the linux guys would take a leaf out of the bsd
book, constantly review and rewriting code, rather than integrating 
every feature under the sun. I guess linux kernel developers like the
glory of new features in the kernel, there's not much fun in being
the code janitor, mopping up other people's messes.

I presume the paid kernel developers too , their management needs
to see results , results = $$$ , I guess it's hard to justify spending a month
rewriting code, than saying 'hey, I've just wrote a new feature for the kernel,
how cool am I!'

so, extra features or security..the choice is yours.

What makes this so nasty, it seems to be very generic!!! It's also be lurking
in the kernel for many releases. I wonder if features like this get proper
security testing before they are submitted. I doubt it. Although security
patches for linux are quick to appear for 'know exploits' , can the same
be said for preventing those 'bugs' from appearing the first place.

The write code , patch later when exploited mentality has really got to stop.

And remember, for every exploit you know about, there are handful that
arn't disclosed. and that's really scary ;-). 

anyways, I'll bore you with more during my security talk soon.

After this, I'm  going back to amiga dos.

http://kerneltrap.org/node/7637e

extract from this interview.

'The last major kernel project I got into was splice, a new IO model based on a paper by Larry McVoy. I had read the paper many years ago, and while the idea was innovative and appealing, I felt there was a piece missing to really tie it into the kernel model. Splice describes a way to allow applications to move data around inside the kernel, without copying it back and forth between the kernel and user space. Essentially, you splice together two ends and allow the data to travel between them. Linus provided the missing piece of the puzzle, by suggesting that the splice buffers be tied to pipes. Like most good ideas, it is directly obvious once you understand it! So once that was settled, I wrote the kernel implementation and the associated system calls. There's a system call (sys_splice) that splices data from a file descriptor to a pipe (or vice versa), a system call to duplicate the contents of one pipe to another (sys_tee), and a system call that maps a user buffer into
 a pipe.'

azmodie <azmodie at gmail.com> wrote: lol. was just sending that myself.

-- 
Umbrella Corporation :-
"They are the fear within all of that there is a company. The Corporation controlling everything that is Umbrella.
A combination of Microsoft and the US Military. At some level there is a board of directors who meet once a
 month and decide all of our fates."
-- Jeremy Bolt - Producer - Resident Evil : Apocalypse _______________________________________________
dundee GNU/Linux Users Group mailing list
dundee at lists.lug.org.uk  http://dundee.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/dundee
Chat on IRC, #tlug on dundee.lug.org.uk

---------------------------------
 Sent from Yahoo! &#45; a smarter inbox.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.lug.org.uk/pipermail/dundee/attachments/20080211/a0bf8bac/attachment.html