Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://social.kernel.org/objects/45cf122a-e0ad-41f8-b304-413f70dabcb7">Greg K-H (gregkh@social.kernel.org)'s status on Friday, 08-Mar-2024 21:34:56 JST</a><a href="https://social.kernel.org/users/gregkh" title="gregkh@social.kernel.org"><img src="https://gnusocial.jp/avatar/101452-48-20230224172713.webp" width="48" height="48" alt="Greg K-H" style="position: absolute; left: 0; top: 0;">Greg K-H</a><div><a href="https://mastodon.social/@vegard/112056988827499776" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/82340" title="larsmb@mastodon.online">Lars Marowsky-Brée 😷</a></li><li><a href="https://gnusocial.jp/user/109466" title="kernellogger@fosstodon.org">Thorsten Leemhuis (acct. 1/4)</a></li><li><a href="https://gnusocial.jp/user/113726" title="ljs@social.kernel.org">Lorenzo Stoakes</a></li><li><a href="https://gnusocial.jp/user/232842" title="pavel@social.kernel.org">Pavel Machek</a></li></ul></div></section><article><a href="https://mastodon.social/@vegard">@vegard</a> <a href="https://social.kernel.org/users/ljs">@ljs</a> <a href="https://fosstodon.org/@kernellogger">@kernellogger</a> <a href="https://mastodon.online/@larsmb">@larsmb</a> <a href="https://social.kernel.org/users/pavel">@pavel</a> "security impact" means you have to take into account your specific use case, and we have no idea what your use case is Remember, Linux is in cow milking machines, servers, helicopters on Mars, phones, utility meters, watches, mega-super-yacht-stabilizers, wind turbines, printers, cars, planes, trains, and more.  Doing an accurate "security impact" is going to be different for all of those cases.<br><br>To quote Ben Hawks, "It's hard to capture the fact that a bug can be super serious in one type of deployment, somewhat important in another, or no big deal at all -- and that the bug can be all of this at the same time. Vulnerability remediation is hard."<br><br>His full post is worth reading: <a href="https://blog.isosceles.com/what-is-a-good-linux-kernel-bug/">https://blog.isosceles.com/what-is-a-good-linux-kernel-bug/</a></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2802642#notice-5558821">In conversation</a><time datetime="2024-03-08T21:34:56+09:00" title="Friday, 08-Mar-2024 21:34:56 JST">about 9 months ago</time> <span>from <span><a href="https://social.kernel.org/objects/45cf122a-e0ad-41f8-b304-413f70dabcb7" rel="external" title="Sent from social.kernel.org via ActivityPub">social.kernel.org</a></span></span><a href="https://social.kernel.org/objects/45cf122a-e0ad-41f8-b304-413f70dabcb7">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: blog.isosceles.com</div><h5><a href="https://blog.isosceles.com/what-is-a-good-linux-kernel-bug/">What is a "good" Linux Kernel bug?</a></h5><div></div></header><div>I found my first Linux kernel vulnerability in 2006, but it wasn't a particularly good one. At the time I was just copying everything that my colleague Ilja van Sprundel was doing, and that was good enough to find something. If you watch Ilja's video from CCC, Unusual Bugs (2006)</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Greg K-H (gregkh@social.kernel.org)'s status on Friday, 08-Mar-2024 21:34:56 JSTGreg K-H
in reply to
@vegard @ljs @kernellogger @larsmb @pavel "security impact" means you have to take into account your specific use case, and we have no idea what your use case is Remember, Linux is in cow milking machines, servers, helicopters on Mars, phones, utility meters, watches, mega-super-yacht-stabilizers, wind turbines, printers, cars, planes, trains, and more. Doing an accurate "security impact" is going to be different for all of those cases.

To quote Ben Hawks, "It's hard to capture the fact that a bug can be super serious in one type of deployment, somewhat important in another, or no big deal at all -- and that the bug can be all of this at the same time. Vulnerability remediation is hard."

His full post is worth reading: https://blog.isosceles.com/what-is-a-good-linux-kernel-bug/
In conversationabout 9 months ago from social.kernel.orgpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: blog.isosceles.com
  What is a "good" Linux Kernel bug?
  I found my first Linux kernel vulnerability in 2006, but it wasn't a particularly good one. At the time I was just copying everything that my colleague Ilja van Sprundel was doing, and that was good enough to find something. If you watch Ilja's video from CCC, Unusual Bugs (2006)

Public

Embed Notice

HTML Code

Corresponding Notice