Hacker News new | ask | show | jobs
by Skunkleton 163 days ago
In the context of the kernel, it’s hard to say when that’s true. It’s very easy to fix some bug that resulted in a kernel crash without considering that it could possibly be part of some complex exploit chain. Basically any bug could be considered a security bug.
1 comments
SSLy 163 days ago
plainly, crash = DoS = security issue = CVE.

QED.

link
michaelt 163 days ago
BRB, raising a CVE complaining the OOM killer exists.
link
pamcake 163 days ago
Memory leaks are usually (accurately) treated as DoS. OoM killer is a mitigation to contain them and not DoS the entire OS.
link
worthless-trash 163 days ago
I could be wrong. But operation by design isn't considered a bug.
link
samus 163 days ago
It is if some other condition is violated that is more important. Then the design might have to be reconsidered.
link
suspended_state 163 days ago
If it is faulty, then it's not a bug, it's a flaw.
link
lfllfkddl 162 days ago
It is possible to design a security vulnerability.
link
worthless-trash 162 days ago
Oh, now that is an exciting area.
link
SSLy 163 days ago
you either get OOMed or next malloc fails and that's also going to wreck havoc
link