Message-ID: <20130607080239.GA10738@localhost>
Date:	Fri, 7 Jun 2013 09:02:39 +0100
From:	Jamie Iles <jamie.iles@...cle.com>
To:	Ben Hutchings <ben@...adent.org.uk>
Cc:	Willy Tarreau <w@....eu>, Jamie Iles <jamie.iles@...cle.com>,
	Dmitry Monakhov <dmonakhov@...nvz.org>,
	Lukas Czerner <lczerner@...hat.com>,
	dann frazier <dannf@...ian.org>, linux-kernel@...r.kernel.org,
	stable@...r.kernel.org
Subject: Re: [ 130/184] CVE-2012-4508 kernel: ext4: AIO vs fallocate stale

Hi Ben, Willy,

On Fri, Jun 07, 2013 at 06:42:05AM +0100, Ben Hutchings wrote:
> On Tue, 2013-06-04 at 19:23 +0200, Willy Tarreau wrote:
> > 2.6.32-longterm review patch.  If anyone has any objections, please let me know.
> > 
> > ------------------
> >  data exposure
> > 
> > From: Jamie Iles <jamie.iles@...cle.com>
> > 
> > CVE-2012-4508 kernel: ext4: AIO vs fallocate stale data exposure
> > [dannf: backported to Debian's 2.6.32]
> 
> Well, this has an interesting ancestry.  The original upstream commits
> were c278531d39f3158bfee93dc67da0b77e09776de2,
> 60d4616f3dc63371b3dc367e5e88fd4b4f037f65 and (most importantly)
> dee1f973ca341c266229faa5a1a5bb268bed3531 by Dmitry Monakhov
> <dmonakhov@...nvz.org>.  They were backported into the RHEL 6 kernel by
> Lukas Czerner, according to its changelog.  Dann got this version from
> Oracle's redpatch repository, where, if I understand rightly, Jamie Iles
> attempted to regenerate Lukas's patch(es).

That sounds correct to me - the patch is the result of splitting the 
large ext4 patch that RHEL did from 6.3 -> 6.4.  The Virtuozzo/OpenVZ 
folks came up with the same patch (independently I think) too.

> Would any of the above named be prepared to put their Signed-off-by to
> this?

Sure, I'd be happy to add my s-o-b.

Signed-off-by: Jamie Iles <jamie@...ieiles.com>

Thanks,

Jamie