"Month of Kernel Bugs" Project Head Interviewed
An anonymous reader writes "November has been labelled the 'Month of Kernel Bugs' in security circles. The Month of Kernel Bugs began on November 1, with the publication of a vulnerability in Apple's AirPort drivers. SecuriTeam blogs did an interview with LMH, who hosts the project."
Apple flaw? No. (Score:1, Interesting)
Re:Shifty business in the kernel. (Score:3, Interesting)
Well, for starters, Linux isn't the only kernel with bugs [theaimsgroup.com]. I'm not slamming OpenBSD, but it was a very quick example.
The kernel of any OS is a very complicated piece of code, and bugs can be very subtle and hard to spot. You have a wider range of inputs than other pieces of software, and at the same time you have a large array of hardware and BIOS to interface with, and they all have potential bugs of their own.
I've gone through bug reports to try and understand what goes wrong and how it's fixed. Those programmers are very good at what they do and I've seen even the best and most secure coders introduce bugs.
Problem is more the secret fixing. (Score:3, Interesting)
It was more the practice of silently or clandestinely fixing bugs, without pointing out that the bug was there even after it's fixed, that seems like it's a problem. It means that contributions are going into the kernel tree that aren't well understood except by the person who's submitting them, or at least that's the impression that I get.
It's really that -- not-well-understood patches being submitted and accepted -- which I think is an issue. The relative merits of Linux vs OpenBSD isn't a can of worms I wanted to open up, except in how their processes for reviewing and accepting code differ.