| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 01 Aug 2011 14:43:38 -0600 From: Tim Gardner <tim.gardner@...onical.com> To: Andi Kleen <andi@...stfloor.org> CC: "Eric W. Biederman" <ebiederm@...ssion.com>, dan@...ni.org, davem@...emloft.net, gregkh@...e.de, ak@...ux.intel.com, linux-kernel@...r.kernel.org, stable@...nel.org, tim.bird@...sony.com, stable@...r.kernel.org Subject: Re: [stable] [PATCH] [26/98] af_unix: Only allow recv on connected seqpacket sockets. On 08/01/2011 02:08 PM, Andi Kleen wrote: >> For 2.6.38, and Andi's 2.6.35 which has the potential for an >> unprivileged process to trigger an oops, it seems irresponsible to me to >> not include this change. People who exploit kernel flaws seem good at >> taking random Oops's and converting them into methods for privilege >> escalation. > > I'll ship 2.6.25.14 without the patch, but can you guys please come to a > conclusion whether the patch is useful or not. I'll reconsider it for .15. > > Thanks, > > -Andi > I'd go with Eric's assessment. He knows way more about this then I do. I am much less confident that the problem Ubuntu experienced with 2.6.35 was related, it only felt the same (similar network issues). rtg -- Tim Gardner tim.gardner@...onical.com -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists