| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20091002.105659.102583702.davem@davemloft.net> Date: Fri, 02 Oct 2009 10:56:59 -0700 (PDT) From: David Miller <davem@...emloft.net> To: philipp.reisner@...bit.com Cc: linux-kernel@...r.kernel.org, netdev@...r.kernel.org, akpm@...ux-foundation.org, greg@...ah.com, dm-devel@...hat.com, zbr@...emap.net, linux-fbdev-devel@...ts.sourceforge.net Subject: Re: [PATCH 0/8] SECURITY ISSUE with connector From: Philipp Reisner <philipp.reisner@...bit.com> Date: Fri, 2 Oct 2009 14:40:03 +0200 > Affected: All code that uses connector, in kernel and out of mainline > > The connector, as it is today, does not allow the in kernel receiving > parts to do any checks on privileges of a message's sender. > > I know, there are not many out there that like connector, but as > long as it is in the kernel, we have to fix the security issues it has! > > Please either drop connector, or someone who feels a bit responsible > and has our beloved dictator's blessing, PLEASE PLEASE PLEASE take > this into your tree, and send the pull request to Linus. > > Patches 1 to 4 are already Acked-by Evgeny, the connector's maintainer. > Patches 5 to 7 are the obvious fixes to the connector user's code. > > For convenience these patches are also available as git tree: > git://git.drbd.org/linux-2.6-drbd.git connector-fix All applied to net-2.6, I'll push this out to Linus later today. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists