Linux Kernel Security Process
or
“Why are there so many kernel CVEs now?”

Greg Kroah-Hartman
gregkh@linuxfoundation.org
git.sr.ht/gregkh/presentation-security

All of this is just my personal opinion, based on working as part of the Linux kernel security team since it was created in 2005.
Nothing in here reflects the opinion of the Linux Foundation or any other Linux kernel developer.
But hopefully I can convince them to agree with me.
Disclaimer

85,000 files
38,640,000 lines
Kernel release 6.10.0
Linux size overall

5%-10%
Linux size what you use

Kernel release 6.10.0
9 changes per hour

New* release model
Release every 2-3 months
All releases are stable
* As of January, 2004

“Cambridge promise”
We will not break userspace
July 2007

“Cambridge promise”
We will not break userspace on purpose
July 2007

Version numbers mean nothing
2.6.x → 3.x  2011
3.x → 4.x  2015
4.x → 5.x  2019
5.x → 6.x  2022

You are here
Developers are here

Stable kernel rules
Bugfix
Less than 100 lines
New ids or quirks
Must be in Linus's tree
https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html

Longterm kernels
One picked per year
Maintained for at least 2 years*
4.19  5.4  5.10  5.15  6.1  6.6
* sometimes longer

Longterm kernels
4.19  14 changes/day
5.4   16 changes/day
5.10  21 changes/day
5.15  24 changes/day
6.1   29 changes/day
6.6   33 changes/day

Kernel releases
Every release is stable
17+ year old guarantee to not break things
No fear to ever upgrade
More release information in greater detail: http:/

world has changed
80%+ of the world's servers runs non-commercial distribution kernels*
inter-company interactions achieve nothing
The “community” does not sign NDAs
* Embedded it is like 99%, look at what is in y