lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Thu, 07 Jun 2012 12:19:22 +0200
From:	Richard Weinberger <richard@....at>
To:	Boaz Harrosh <bharrosh@...asas.com>
CC:	user-mode-linux-devel@...ts.sourceforge.net,
	gregkh@...uxfoundation.org, linux-kernel@...r.kernel.org,
	viro@...iv.linux.org.uk, jslaby@...e.cz, alan@...ux.intel.com
Subject: Re: [uml-devel] um: TTY fixes (?)

Am 07.06.2012 12:14, schrieb Boaz Harrosh:
> On 06/07/2012 12:22 PM, Alan Cox wrote:
>> On 06/07/2012 11:45 AM, Richard Weinberger wrote:
> 
>>>
>>> We cannot push this patch to Linus or -stable.
>>> The problem is that will break other things.
>>> E.g. login on non-tty0 terminals will break if the distro uses
>>> util-linux's login.
>>>
> 
> 
> I don't understand. Current code does not work at all even for
> tty0. as well as ttyX. Since 3-4 Kernels ago. I've been running with
> your patch for a long time.

Depends on your userspace.
On my setups it's very hard to trigger the bug.

> I really don't get it. You have not broken anything new. Only
> not fixed all of the problems. Current code does not work for "non-tty0
> terminals" as well right?

No, it works fine.

> I don't see Alan's comment at all. This is not a regression it was always
> like that. Ever since Fedora was working on UML, But these fixes are real
> live regression crashes.
> 
> And I don't see the all "leaving other vendors systems insecure". It just
> a freaking UML tty. You need to be root 5 times before you have access
> to all these, and it's only the UML that's compromised not the "all system"
> And surely the current plain tty0 crash is much less secure then this thing.

The "TTY problem" is not UML specific.

Thanks,
//richard


Download attachment "signature.asc" of type "application/pgp-signature" (491 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ