lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1366101691.8222.4.camel@shinybook.infradead.org>
Date:	Tue, 16 Apr 2013 09:41:31 +0100
From:	David Woodhouse <dwmw2@...radead.org>
To:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	David Howells <dhowells@...hat.com>
Cc:	linux-kernel@...r.kernel.org, stable@...r.kernel.org,
	Suresh Siddha <suresh.b.siddha@...el.com>,
	Artem Bityutskiy <dedekind1@...il.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Ben Hutchings <ben@...adent.org.uk>,
	Brad Spengler <spender@...ecurity.net>,
	linux-mtd@...ts.infradead.org
Subject: Re: [ 10/11] mtdchar: fix offset overflow detection

On Mon, 2013-04-15 at 15:35 -0700, Greg Kroah-Hartman wrote:
> On Mon, Apr 15, 2013 at 09:55:20PM +0100, David Woodhouse wrote:
> > On Sun, 2013-04-14 at 19:17 -0700, Greg Kroah-Hartman wrote:
> > > 3.0-stable review patch.  If anyone has any objections, please let
> me know.
> > 
> > Please use f5cf8f07423b2677cebebcebc863af77223a4972 instead (for 3.4
> > too).
> 
> Really?  I love the comment in that commit, "disable it for now until
> it
> can be fixed properly in the next merge window."  Yet that was back in
> October of last year, no one has actually fixed this issue, is that
> because it can't be properly fixed, or just because no one got around
> to it?

Because nobody cared. It's only really used on uclinux for XIP mapping
of code from RAM anyway. Support for MMU systems was added as an
afterthought. and it shows.

ISTR I was blaming dhowells for it at the time, and hoping for him to
fix it. Although that remembrance may be incorrect, or I could even have
been incorrect at the time. I'm not going to investigate further right
now; I'm not here. 2 days into paternity leave...

-- 
dwmw2


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (6171 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ