Date: Tue, 03 Oct 2000 17:55:55 -0600
From: Brett Glass <brett@lariat.org>
To: Alfred Perlstein <bright@wintelcom.net>, Peter Wemm <peter@netplex.com.au>
Cc: Jonathan Lemon <jlemon@hub.freebsd.org>, Paul Richards <paul@originative.co.uk>, Jordan Hubbard <jkh@winston.osd.bsdi.com>, Christopher Masto <chris@netmonger.net>, Warner Losh <imp@village.org>, Kris Kennaway <kris@FreeBSD.ORG>, Joseph Scott <joseph.scott@owp.csus.edu>, Brian Somers <brian@FreeBSD.ORG>, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: cvs commit: src/usr.bin/finger finger.c
Message-ID: <4.3.2.7.2.20001003175130.043dc4c0@localhost>
In-Reply-To: <20001003164236.Q27736@fw.wintelcom.net>
References: <200010032326.e93NQ7H17213@netplex.com.au> <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au>

At 05:42 PM 10/3/2000, Alfred Perlstein wrote:

>There's a large difference between kernel and userland here, kernel
>changes need to be backported relatively quickly while userland
>can allow for a longer test period. Separate policies may serve
>us better than one that covers the entire tree.

What about root compromises in userland -- e.g. in setuid apps, daemons that run (or at least start) as root, etc.? It seems to me that the urgency of backporting a fix has more to do with the potential risk one incurs by running the unfixed code, rather than with which "ring" the code is in.

--Brett