| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 23 May 2007 11:53:37 +0100 From: Michael-Luke Jones <mlj28@....ac.uk> To: Nitin Gupta <nitingupta910@...il.com> Cc: linux-kernel@...r.kernel.org, "Richard Purdie" <richard@...nedhand.com>, linux-mm-cc@...top.org Subject: Re: [RFC] LZO de/compression support - take 3 On 23 May 2007, at 09:27, Nitin Gupta wrote: > This contains LZO1X-1 compressor and LZO1X decompressor (safe and > standard version). I understand that the 'safe' decompression code is 'somewhat slower' and that decompressor performance is a key feature of this algorithm. However, I am concerned about the safety implications of including the 'unsafe' standard version in-kernel when likely uses include compression of network data, memory objects and so-on, all of which could in theory be maliciously modified. I'm no kernel or programming expert, so I may be off the mark with this one. To me, at least, even if the answer is 'no, there isn't a problem' that's still a valuable clarification :) Thanks, Michael-Luke Jones [please cc me on replies as I am not subscribed to lkml] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists