Kyle Moffett <[email protected]> wrote:
> On May 25, 2005, at 09:15:33, Joerg Schilling wrote:
> > If Linux believes that there should be enhanced security similar to
> > Solaris and
> > if Linux is a true open Source business, then I would expect that
> > there is
> > cooperation. If I change things in e.g. mkisofs or cdrecord that
> > could result
> > in problems for my "users", I send a notification mail to the
> > XCDRoast & k3b
> > authors early enough.
>
> There was a security hole in the CD burner support. The Linux Kernel
> developers
> fixed it quickly. They were not planning to wait 6 months for you to
> get an
> updated version of cdrecord out the door in any case. If you want more
> information on the Linux Kernel security policy, please see a recent
> copy of the
> linux kernel for the file Documentation/SecurityBugs. To quote the
> relevant
Looks like you did not read the mail from me you were replying to.
The best way to fix a problem is to fix the problem and not to do something
else and to change the interface.
The problem was that you could send SCSI commands on R/O fds and fixing the
problem would have been to forbid sending SCSI commands on R/O fds.
Jörg
--
EMail:[email protected] (home) Jörg Schilling D-13353 Berlin
[email protected] (uni)
[email protected] (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/old/private/ ftp://ftp.berlios.de/pub/schily
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]