It seems that we are in for an extended period of the disclosure of vulnerabilities before fixes become available. One possible way of coping
with this flood might be the killswitch
proposal from Sasha Levin. In short, killswitch can immediately disable
access to specific functionality in a running kernel, essentially blasting
a vulnerable path (and its associated functionality) out of existence until
a fix can be installed. "For most users, the cost of 'this socket
family stops working for the day' is much smaller than the cost of running
a known vulnerable kernel until the fix land."
https://lwn.net/Articles/1071861/
--- SBBSecho 3.37-Linux
* Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (618:250/24)