| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Nov 2010 23:10:24 +0100 From: Oliver Hartkopp <socketcan@...tkopp.net> To: David Miller <davem@...emloft.net> CC: urs@...ogud.escape.de, netdev@...r.kernel.org, drosenberg@...curity.com, security@...nel.org, torvalds@...ux-foundation.org Subject: Re: [PATCH] Fix CAN info leak/minor heap overflow On 10.11.2010 18:51, David Miller wrote: > From: Oliver Hartkopp <socketcan@...tkopp.net> > Date: Wed, 10 Nov 2010 07:52:27 +0100 > >> IMHO the patch improves the historic situation and fixes the useless leakage >> of kernel addresses. Please consider to apply that procfs changes. > > I'm only fine with fixing the kernel pointer fields in some way. > > But moving forward any other change to the procfs file is simply > a waste of time. > > You should create sysfs files and add logic to your tools to look > for them and use them if they exist. > > Your forward path _SHOULD NOT_ be continuing this procfs versioning > madness. Use something sane and do the work to make userland start > to be ready for this transition. Hm, summarizing the given restrictions and taking into account that just setting the pointer fields to '0' is said to be annoying, the only thing that can be fixed is the minor heap overflow caused by the char array. I'll send a patch for that. As you don't want to change the layout even if there's no tool relying on the entries i wanted to modify, i'll just stop my attempts to improve it. Regards, Oliver -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists