[Ksummit-2013-discuss] Topic Proposal: Handling Security Issues in the kernel

Greg KH greg at kroah.com
Tue Aug 13 17:35:12 UTC 2013


On Tue, Aug 13, 2013 at 09:20:32AM -0700, Kees Cook wrote:
> What's missing is an upstream accounting of commit ID that introduces
> a problem along with commit IDs that fix it. This can be cobbled
> together by the Mitre reports, but usually requires knowledge of the
> kernel area itself and some historical perspective. As yet, no one has
> stepped up to do this for the upstream kernels. (Distros do this on
> their own, generally.)

As I hear this a lot, I'll push back and say, if someone wants this,
please step up and do it.  But to ask for others to do it for them,
isn't ok.  Obviously it must not be something that companies really
want, as no one is funding it to happen :(

Same goes for the "we want people to do kernel security things".  Great,
do it, no one is stopping you.  Ted took the time to write up a proposal
a few years ago for one way of doing this and submitted it to the Linux
Foundation to get some "grant" money for a project like this.

I don't know what ever happened to that proposal (I wasn't working for
the LF at that point in time), but that's the furthest I've seen people
take this beyond just complaining that others aren't doing the work for
them...

thanks,

greg k-h

