Date:   Thu, 9 Nov 2017 10:14:22 -0600
From:   "Serge E. Hallyn" <>
To:     Mahesh Bandewar
         (महेश बंडेवार) <>
Cc:     "Serge E. Hallyn" <>,
        Christian Brauner <>,
        Boris Lukashev <>,
        Daniel Micay <>,
        Mahesh Bandewar <>,
        LKML <>,
        Netdev <>,
        Kernel-hardening <>,
        Linux API <>,
        Kees Cook <>,
        "Eric W . Biederman" <>,
        Eric Dumazet <>,
        David Miller <>
Subject: Re: [kernel-hardening] Re: [PATCH resend 2/2] userns: control
 capabilities of some user namespaces

Quoting Mahesh Bandewar (महेश बंडेवार) (
> Of course. Let's take an example of the CVE that I have mentioned in
> my cover-letter -
> CVE-2017-7308(
> It's well documented and even has an
> exploit(
> c-program that can demonstrate how it can be used against non-patched
> kernel. There is very nice blog
> post(
> about this vulnerability by Andrey Konovalov.

Ok, thanks.  It's a good example because the fix for this CVE actually
came by itself (
Normally multiple CVEs come at the same time, which would make a
workaround for one now helpful.  This is a good counter-example.

I'm going to maintain that I really don't like this.  But it looks
useful, so ack on the concept, I'll just have to look again at the
code now.  Thanks for indulging me.
