lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 9 Aug 2016 02:27:56 +0100
From:	Al Viro <viro@...IV.linux.org.uk>
To:	Ye Xiaolong <xiaolong.ye@...el.com>
Cc:	Valdis.Kletnieks@...edu, Nicholas Krause <xerofoify@...il.com>,
	0day robot <fengguang.wu@...el.com>,
	LKML <linux-kernel@...r.kernel.org>, lkp@...org
Subject: Re: [lkp] [fs] 45ec18d5c7: BUG: KASAN: user-memory-access on address
 00007f90291c7ec0

On Tue, Aug 09, 2016 at 09:17:58AM +0800, Ye Xiaolong wrote:
> On 08/08, Valdis.Kletnieks@...edu wrote:
> >On Sun, 07 Aug 2016 22:02:42 +0800, kernel test robot said:
> >
> >> FYI, we noticed the following commit:
> >>
> >> https://github.com/0day-ci/linux
> >> Nicholas-Krause/fs-Fix-kmemleak-leak-warning-in-getname_flags-about-working-on-unitialized-memory/20160804-055054
> >> commit 45ec18d5c713bccb9807782f0dca29b92ba99784 ("fs:Fix kmemleak leak warning in getname_flags about working on unitialized memory")
> >
> >The real question here is why the 0day system was even bothering to try
> >compiling and booting a patch from somebody who has a long record of failing
> >to do so with patches before submission.  Actually looking at the patch
> >in question shows that little or no thought or testing was done (hint:
> >look at it, and wonder in amazement why there's a dump_stack() call where
> >it is....)
> >
> >In other words - how did this patch get into a tree that 0day listens to?
> 
> 0Day has a service to automatically capture every patchset sent to LKML, and convert
> email patchset to git branches by applying them on top of different
> trees heuristically.

*raised eyebrows*

I really hope they are doing both builds and testing in a heavily isolated
environments, then.  Because you've just described an attack vector it's
vulnerable to...

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ