lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20120620233307.GA3120@burratino>
Date:	Wed, 20 Jun 2012 18:33:54 -0500
From:	Jonathan Nieder <jrnieder@...il.com>
To:	Ming Lei <ming.lei@...onical.com>
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
	Alan Stern <stern@...land.harvard.edu>, stable@...r.kernel.org
Subject: Re: [PATCH] driver core: fix shutdown races with probe/remove(v2)

Greg Kroah-Hartman wrote:
> On Tue, Jun 19, 2012 at 10:00:36AM +0800, Ming Lei wrote:

>> If Documentation/stable_kernel_rules.txt is the correct doc for stable rule,
>> looks reporter requirement isn't listed in the file, but the below can be found:
>>
>>           - No "theoretical race condition" issues, unless an explanation of
>>          how the race can be exploited is also provided.
>>
>> so I marked it as -stable because I have explained how the race can be
>> exploited in reality.
>
> Ok, but as this has been there since when, 2.5, I'll refrain from
> marking it this way, as no one has reported a real problem like this
> before.

Just to clarify, if I understand correctly, exploited != reproduced. :)

That is, if you have an example of how the race can be exploited by an
unprivileged prankster to make a sysadmin's life miserable, that would
definitely be real problem.  On the other hand, if you have a test case
for a rare race condition that has not appeared in the wild and is not
exploitable, that's very useful (test cases make programming much
easier!) but it doesn't make it qualify for stable.

Hope that helps,
Jonathan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ