| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Nov 2017 12:25:53 -0800
From: Eric Dumazet <eric.dumazet@...il.com>
To: Joe Perches <joe@...ches.com>
Cc: Stephen Hemminger <stephen@...workplumber.org>,
davem@...emloft.net, pablo@...filter.org, kadlec@...ckhole.kfki.hu,
fw@...len.de, devel@...verdev.osuosl.org,
linux-decnet-user@...ts.sourceforge.net, netdev@...r.kernel.org,
netfilter-devel@...r.kernel.org, coreteam@...filter.org,
Stephen Hemminger <sthemmin@...rosoft.com>
Subject: Re: [PATCH net-next v2] net: move decnet to staging
On Mon, 2017-11-13 at 11:32 -0800, Joe Perches wrote:
> On Mon, 2017-11-13 at 09:11 -0800, Stephen Hemminger wrote:
> > Support for Decnet has been orphaned for some time.
> > In the interest of reducing the potential bug surface and pre-holiday
> > cleaning, move the decnet protocol into staging for eventual removal.
> []
> > diff --git a/drivers/staging/decnet/TODO b/drivers/staging/decnet/TODO
> []
> > @@ -0,0 +1,4 @@
> > +The DecNet code will be removed soon from the kernel tree as it is old,
> > +obsolete, and buggy.
>
> Old and obsolete, well OK, but
> what's buggy about decnet?
>
> https://bugzilla.kernel.org/buglist.cgi?quicksearch=decnet
>
> Zarro Boogs found.
>
Then that means nobody uses it.
And that syzkaller guys never bothered to add code to actually trigger
the bugs that are probably there. Probably they have bigger fishes to
fry at this moment.
If we leave the code there, chances are high that some hacker is
interested into exploiting the bugs.
Powered by blists - more mailing lists