| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20101109205008.GU5876@outflux.net> Date: Tue, 9 Nov 2010 12:50:08 -0800 From: Kees Cook <kees.cook@...onical.com> To: Pekka Enberg <penberg@...nel.org> Cc: linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>, Andrew Morton <akpm@...ux-foundation.org>, Jiri Slaby <jslaby@...e.cz>, "David S. Miller" <davem@...emloft.net>, Linus Torvalds <torvalds@...ux-foundation.org>, Hugh Dickins <hughd@...gle.com>, Manfred Spraul <manfred@...orfullife.com> Subject: Re: [PATCH] ipc: explicitly clear stack memory in user structs Hi Pekka, On Tue, Nov 09, 2010 at 10:43:07PM +0200, Pekka Enberg wrote: > On Tue, Oct 26, 2010 at 2:58 AM, Kees Cook <kees.cook@...onical.com> wrote: > > CVE-2010-4072 > > > > The old shm interface will leak a few bytes of stack contents. Explicitly > > clear structure using memset instead of C99-style initialization in case > > there are ever holes in the packing. > > > > Cc: stable <stable@...nel.org> > > Signed-off-by: Kees Cook <kees.cook@...onical.com> > > This looks like a genuine bug fix but I don't see this patch in > mainline. Why is that? No one has committed it. I don't know why; I've sent it a few times now. -Kees -- Kees Cook Ubuntu Security Team -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists