[ Thanks to Linux User &
Developer magazine for this link. ]
“The development cycle for the 2.6.36 kernel has
rapidly come to a close, and with it comes the preparation of new
features for the 2.6.37 ‘merge window’, which immediately follows
the 2.6.36 release. More on those new features in a moment. New
features are always exciting areas to work on: they pay the bills
and keep kernel developers’ brains stimulated in appropriate ways.
At this point, Linux averages 5.5 changes per hour, every hour of
every day, and is perhaps one of the most active software projects
in human history.
“With that rate of churn do come a few downsides we should be
mindful of, not the least of which are horribly embarrassing
security regressions. I’ve mentioned this topic before, but recent
events necessitate revisiting it once again.
“This month saw not one, but two large and widespread (across
many kernels) security problems to add to the compatibility system
call issue mentioned last time (which itself affected pretty much
every system out there). The first security bug has to do with a
change back in 2.6.23 that altered the manner in which command-line
options passed to new processes are handled to remove an arbitrary