F15 - status of /run/user, /dev/shm, and potential for a DoS attack
Adam Williamson
awilliam at redhat.com
Wed May 18 19:55:31 UTC 2011
On Wed, 2011-05-18 at 19:35 +0000, JB wrote:
> The end users of F15 are at risk.
> They should be fully advised what's the danger with this product.
> After all, it is an open-source project.
>
> The issue is serious, because it raises not only technical questions, but also
> internal (Security, QA, etc teams) and policy ones.
Your post is long on platitudes and short on specifics. It's not very
convincing, frankly. It's all very well to soapbox about the importance
on security, but you need a solid justification as to why you believe
local DoS exploits should be treated as a major issue.
Please also consider the target audience and intended use cases of
Fedora in doing so. Fedora is not a distribution we generally expect to
be put into use in contexts where a DoS is a really significant problem;
we don't expect anyone to be running it on critical servers. This is one
we reason we tend to consider code execution issues to be far more
serious. It's also likely that it is not commonly used in a true
multi-user configuration with non-trusted users. Remember that Fedora is
not RHEL.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the test
mailing list