| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHGf_=pr1AYeWZhaC2MKN-XjiWB7=hs92V0sH-zVw3i00X-e=A@mail.gmail.com> Date: Mon, 15 Oct 2012 22:34:53 -0400 From: KOSAKI Motohiro <kosaki.motohiro@...il.com> To: Dave Jones <davej@...hat.com>, Linux Kernel <linux-kernel@...r.kernel.org>, bhutchings@...arflare.com, linux-mm@...ck.org, Linus Torvalds <torvalds@...ux-foundation.org>, Andrew Morton <akpm@...ux-foundation.org> Subject: Re: mpol_to_str revisited. On Mon, Oct 8, 2012 at 11:09 AM, Dave Jones <davej@...hat.com> wrote: > Last month I sent in 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a to remove > a user triggerable BUG in mempolicy. > > Ben Hutchings pointed out to me that my change introduced a potential leak > of stack contents to userspace, because none of the callers check the return value. > > This patch adds the missing return checking, and also clears the buffer beforehand. I don't think 80de7c3138ee9fd86a98696fd2cf7ad89b995d0a is right fix. we should close a race (or kill remain ref count leak) if we still have. Because of, this patch makes unstable /proc output and might lead to userland confusing. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists