| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Jun 2018 06:03:27 -0700
From: Christoph Hellwig <hch@...radead.org>
To: Jann Horn <jannh@...gle.com>
Cc: Christoph Hellwig <hch@...radead.org>, axboe@...nel.dk,
dgilbert@...erlog.com, Al Viro <viro@...iv.linux.org.uk>,
fujita.tomonori@....ntt.co.jp, jejb@...ux.vnet.ibm.com,
martin.petersen@...cle.com, linux-block@...r.kernel.org,
linux-scsi@...r.kernel.org,
kernel list <linux-kernel@...r.kernel.org>,
Kernel Hardening <kernel-hardening@...ts.openwall.com>,
security@...nel.org, Alexander Nezhinsky <alexandern@...lanox.com>,
Nicholas Bellinger <nab@...ux-iscsi.org>, stgt@...r.kernel.org
Subject: Re: [PATCH] sg, bsg: mitigate read/write abuse, block uaccess in
release
On Thu, Jun 21, 2018 at 02:51:16PM +0200, Jann Horn wrote:
> In the package https://packages.debian.org/stretch/tgt:
> https://sources.debian.org/src/tgt/1:1.0.73-1/usr/bs_sg.c/?hl=131#L131
> https://sources.debian.org/src/tgt/1:1.0.73-1/usr/bs_sg.c/?hl=236#L236
This is for real, although it is an optional case in an optional plug
in, so I'm not sure if any one actually uses bsg read/write with it
for real.
The usual aspects added. (the question is if bsg read/write support
is actually used in real life or can be removed)
> In the package https://packages.debian.org/stretch/sg3-utils:
> https://sources.debian.org/src/sg3-utils/1.42-2/examples/bsg_queue_tst.c/?hl=60#L60
This is just example code.
Powered by blists - more mailing lists