| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20180504052731.jkwhs4h4fuia3pft@mwanda>
Date: Fri, 4 May 2018 08:27:32 +0300
From: Dan Carpenter <dan.carpenter@...cle.com>
To: Wenwen Wang <wang6495@....edu>
Cc: "open list:STAGING SUBSYSTEM" <devel@...verdev.osuosl.org>,
Aastha Gupta <aastha.gupta4104@...il.com>,
Roman Storozhenko <romeusmeister@...il.com>,
Andreas Dilger <andreas.dilger@...el.com>,
Jeff Layton <jlayton@...hat.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Kangjie Lu <kjlu@....edu>, NeilBrown <neilb@...e.com>,
open list <linux-kernel@...r.kernel.org>,
Oleg Drokin <oleg.drokin@...el.com>,
"moderated list:STAGING - LUSTRE PARALLEL FILESYSTEM"
<lustre-devel@...ts.lustre.org>
Subject: Re: [PATCH v2] staging: lustre: llite: fix potential missing-check
bug when copying lumv
There is no security problem here. The user is allowed to choose either
v1 or v3. Using a double read race condition to choose v1 is not
going to cause problems. It's slightly more complicated than just
choosing it directly but that doesn't make it a security issue.
It's a bit like typing with your feet in that just because using your
toes instead of your fingergs is more complicated, it doesn't make it a
security issue.
regards,
dan carpenter
Powered by blists - more mailing lists