Date: Wed, 4 Oct 2000 23:11:26 -0700 From: Alfred Perlstein <bright@wintelcom.net> To: "David O'Brien" <obrien@FreeBSD.ORG> Cc: cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: cvs commit: src/usr.bin/finger finger.c Message-ID: <20001004231126.T27736@fw.wintelcom.net> In-Reply-To: <20001004221921.F50210@dragon.nuxi.com>; from obrien@FreeBSD.ORG on Wed, Oct 04, 2000 at 10:19:21PM -0700 References: <20001003155638.B73409@hub.freebsd.org> <200010032326.e93NQ7H17213@netplex.com.au> <20001003164236.Q27736@fw.wintelcom.net> <20001004221921.F50210@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
* David O'Brien <obrien@FreeBSD.ORG> [001004 22:19] wrote: > On Tue, Oct 03, 2000 at 04:42:37PM -0700, Alfred Perlstein wrote: > > There's a large difference between kernel and userland here, kernel > > changes need to be backported relatively quickly while userland > > can allow for a longer test period. > > > Why is that -- I would almost say the opposite as the kernel is > [generally] more complex than userland. Several reasons: The kernel is one giant program and keeping it in relative sync is hard. (let's avoid the problems we had with 3.x) The kernel is more complex than userland, but since it's mostly self contained and doesn't do a lot of string parsing (which is where the majority of these vulnerabilities occur) it is actually easier to see what's going on, at least for me. There's a much heavier amount of peer review for core subsystems in the kernel. (sometimes it feels like a bit too much) The complexity of the kernel forces you to understand a great deal more about the internal interactions of various subsystems. It also does allow us to catch certain errors from our users tracking stable, while not an ideal way to find bugs (and definitely not the prefered way) it's better to have these things reach a wider audiance sooner so that the problem can be isolated. We _can_ back things out and we do have a good track record of restabilizing once a problem is found. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001004231126.T27736>