Date:	Thu,  7 Apr 2016 09:22:43 +0200
From:	Vegard Nossum <vegard.nossum@...cle.com>
To:	David Miller <davem@...emloft.net>
Cc:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
	Vegard Nossum <vegard.nossum@...cle.com>,
	Eric Dumazet <eric.dumazet@...il.com>,
	Sasha Levin <sasha.levin@...cle.com>
Subject: [PATCH] net: mark DECnet as broken

There are NULL pointer dereference bugs in DECnet which can be triggered
by unprivileged users and have been reported multiple times to LKML,
however nobody seems confident enough in the proposed fixes to merge them
and the consensus seems to be that nobody cares enough about DECnet to
see it fixed anyway.

To shield unsuspecting users from the possible DOS, we should mark this
BROKEN until somebody who actually uses this code can fix it.

Signed-off-by: Vegard Nossum <vegard.nossum@...cle.com>
Link: https://lkml.org/lkml/2015/12/17/666
Cc: Eric Dumazet <eric.dumazet@...il.com>
Cc: Sasha Levin <sasha.levin@...cle.com>
Cc: David Miller <davem@...emloft.net>
---
 net/decnet/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/decnet/Kconfig b/net/decnet/Kconfig
index f3393e1..b040172 100644
--- a/net/decnet/Kconfig
+++ b/net/decnet/Kconfig
@@ -3,6 +3,7 @@
 #
 config DECNET
 	tristate "DECnet Support"
+	depends on BROKEN
 	---help---
 	  The DECnet networking protocol was used in many products made by
 	  Digital (now Compaq).  It provides reliable stream and sequenced
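
Review bot: The added "depends on BROKEN" line under "config DECNET" has no explanation in the Kconfig file itself, so the reason (unfixed NULL pointer dereferences that unprivileged users can trigger) is only in the commit message. Consider a short "#" comment above the dependency, or a sentence in the help text, saying why the option is disabled and what has to be fixed before the dependency can be dropped. That would help anyone who later finds DECnet missing from their configuration menu. The commit message also says the bugs were reported multiple times but carries a single Link: tag; adding the other report threads would make the condition for reverting this easier to check.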
-- 
1.9.1
