| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20140624211802.GC15068@pd.tnic>
Date: Tue, 24 Jun 2014 23:18:02 +0200
From: Borislav Petkov <bp@...en8.de>
To: Andy Lutomirski <luto@...capital.net>
Cc: "H. Peter Anvin" <hpa@...or.com>,
Richard Weinberger <richard@....at>, X86 ML <x86@...nel.org>,
Eric Paris <eparis@...hat.com>,
Linux Kernel <linux-kernel@...r.kernel.org>,
"security@...nel.org" <security@...nel.org>,
Steven Rostedt <rostedt@...dmis.org>,
Toralf Förster <toralf.foerster@....de>,
stable <stable@...r.kernel.org>,
Roland McGrath <roland@...hat.com>
Subject: Re: [PATCH] x86_32,entry: Do syscall exit work on badsys
(CVE-2014-4508)
On Tue, Jun 24, 2014 at 01:53:25PM -0700, Andy Lutomirski wrote:
> It confirms my sense that no one knows how to test this stuff :-/
> It's pretty clear that no one has ever extensively hammered it.
Someone might've known at some point but who knows who knew. :-)
> I wonder how much could be effectively rewritten in C. I'm thinking of
> redoing most of the entry work in C, but that won't help here.
Whatever you do, you'll have to do testing yourself, I'm afraid, here
too. And then, after the patch is long committed and forgotten, someone
would resurface complaining that it breaks some obscure use case.
Eeh, the sad life of a kernel developer. :-\
--
Regards/Gruss,
Boris.
Sent from a fat crate under my desk. Formatting is fine.
--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists