mirror of https://github.com/torvalds/linux.git
The use of automated tools to find bugs in random locations of the kernel induces a raise of security reports even if most of them should just be reported as regular bugs. This patch is an attempt at drawing a line between what qualifies as a security bug and what does not, hoping to improve the situation and ease decision on the reporter's side. It defers the enumeration to a new file, threat-model.rst, that tries to enumerate various classes of issues that are and are not security bugs. This should permit to more easily update this file for various subsystem-specific rules without having to revisit the security bug reporting guide.

Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Leon Romanovsky <leon@kernel.org>
Suggested-by: Leon Romanovsky <leon@kernel.org>
Suggested-by: Greg KH <gregkh@linuxfoundation.org>
Reviewed-by: Leon Romanovsky <leon@kernel.org>
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Message-ID: <20260509094755.2838-3-w@1wt.eu>

||
|---|---|---|
| .. | ||
| debugging | ||
| 1.Intro.rst | ||
| 2.Process.rst | ||
| 3.Early-stage.rst | ||
| 4.Coding.rst | ||
| 5.Posting.rst | ||
| 6.Followthrough.rst | ||
| 7.AdvancedTopics.rst | ||
| 8.Conclusion.rst | ||
| adding-syscalls.rst | ||
| applying-patches.rst | ||
| backporting.rst | ||
| botching-up-ioctls.rst | ||
| changes.rst | ||
| code-of-conduct-interpretation.rst | ||
| code-of-conduct.rst | ||
| coding-assistants.rst | ||
| coding-style.rst | ||
| conclave.rst | ||
| contribution-maturity-model.rst | ||
| cve.rst | ||
| deprecated.rst | ||
| development-process.rst | ||
| email-clients.rst | ||
| embargoed-hardware-issues.rst | ||
| generated-content.rst | ||
| handling-regressions.rst | ||
| howto.rst | ||
| index.rst | ||
| kernel-docs.rst | ||
| kernel-driver-statement.rst | ||
| kernel-enforcement-statement.rst | ||
| license-rules.rst | ||
| maintainer-handbooks.rst | ||
| maintainer-kvm-x86.rst | ||
| maintainer-netdev.rst | ||
| maintainer-pgp-guide.rst | ||
| maintainer-soc-clean-dts.rst | ||
| maintainer-soc.rst | ||
| maintainer-tip.rst | ||
| maintainers.rst | ||
| management-style.rst | ||
| programming-language.rst | ||
| researcher-guidelines.rst | ||
| security-bugs.rst | ||
| stable-api-nonsense.rst | ||
| stable-kernel-rules.rst | ||
| submit-checklist.rst | ||
| submitting-patches.rst | ||
| threat-model.rst | ||
| volatile-considered-harmful.rst | ||