Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

In the context of the kernel, it’s hard to say when that’s true. It’s very easy to fix some bug that resulted in a kernel crash without considering that it could possibly be part of some complex exploit chain. Basically any bug could be considered a security bug.


plainly, crash = DoS = security issue = CVE.

QED.


BRB, raising a CVE complaining the OOM killer exists.


Memory leaks are usually (accurately) treated as DoS. OoM killer is a mitigation to contain them and not DoS the entire OS.


I could be wrong. But operation by design isn't considered a bug.


It is if some other condition is violated that is more important. Then the design might have to be reconsidered.


If it is faulty, then it's not a bug, it's a flaw.


It is possible to design a security vulnerability.


Oh, now that is an exciting area.


you either get OOMed or next malloc fails and that's also going to wreck havoc




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: