Date: Tue, 19 Jan 2016 16:47:32 -0600 From: ebiederm@...ssion.com (Eric W. Biederman) To: Dan Carpenter <dan.carpenter@...cle.com> Cc: linux-kernel@...r.kernel.org, kernel-hardening@...ts.openwall.com Subject: Re: 2015 kernel CVEs Dan Carpenter <dan.carpenter@...cle.com> writes: > I like to look back over old CVEs to see how we could do better. Here > is the list from 2015. I got most of this information from the Ubuntu > CVE tracker. Thanks Ubuntu!. If it doesn't have a hash that means it > might not be fixed yet. > > CVE-2015-8709 : ptrace: race in user namespaces let's users trace root processes As this isn't a kernel bug, and is not a race, and no one has even bothered to see if any userspace processes are this stupid I don't even think that qualifies as a CVE. There is room for improvement in this area but I don't see how this qualifies as a CVE. So for doing better I recommend a little more vetting and paying attention before assigning CVEs. Eric
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.