Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: The XMir Security Issue Should Now Be Resolved

  1. #11
    Join Date
    Jul 2013
    Location
    USA
    Posts
    715

    Default

    Quote Originally Posted by mjg59 View Post
    What is? The commit Michael references as fixing the problem is in the Mir libraries that I'm running.
    Can some one say Oops lol

  2. #12
    Join Date
    Aug 2008
    Location
    Netherlands
    Posts
    275

    Default No thanks

    Quote Originally Posted by LinuxGamer View Post
    "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time
    Yeah... we want all the security related regressions, in every software project there is, on every possible moment...

    because thats interesting for... I don't know ... just "keep them coming to let users know a head of time"

  3. #13
    Join Date
    Jan 2011
    Posts
    1,287

    Default

    Quote Originally Posted by tmpdir View Post
    Yeah... we want all the security related regressions, in every software project there is, on every possible moment...

    because thats interesting for... I don't know ... just "keep them coming to let users know a head of time"
    It's funny how developers did acknowledge they need to put more warnings in several places (they stated there are several bugs filed where the user started testing an alpha release without having an idea of how to restore their systems if they lose the ability to boot) but some users are still on denial of this fact. You need to warn users of the risk of testing bleeding edge software, specially with a distro supposed to be newbie friendly: newbies don't always know beforehand such things. An experienced user will probably check the bug tracker by its own, but a newbie wouldn't know. Of course, as they acknowledge it, they did put more warnings in some places, like the wiki. Stating most of the issues. Also, knowing ahead of time is a way to make an informed decision about being ready for testing.

  4. #14
    Join Date
    Jul 2013
    Location
    USA
    Posts
    715

    Default

    [QUOTE=andydread;352868]
    Quote Originally Posted by LinuxGamer View Post
    "Should Be Resolved" but any ways, it was good you posted the, Article on XMir security issue's keep them coming to let users know a head of time it was shame they did not have a huge hole like this in there wiki or letting the users know a head of time

    --snip

    This software is not currently enabled in any distributed version of Ubuntu. So no. Its not a "shame" Is it a shame that the CONFIG_PERF_EVENTS MASSIVE hole was left in the Linux kernel for 2 whole years and distributed to world+dog and when they supposedly "patched" the gaping hole 4 months ago they failed to mention the criticality of this bug? is that a "shame"?
    Yes it was and You had to compile the kernel with the CONFIG_PERF_EVENTS and it was well known by Developers/Hackers you can use unsafe flags today to compile the kernel or BSD and you don't want Noob's Jumpping in to Testing Unsafe Software remember the Mir wiki is miss leading in this case to newb's

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •