lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20181101165121.GS32577@ZenIV.linux.org.uk>
Date:   Thu, 1 Nov 2018 16:51:21 +0000
From:   Al Viro <viro@...IV.linux.org.uk>
To:     "Eric W. Biederman" <ebiederm@...ssion.com>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [git pull] mount API series

On Wed, Oct 31, 2018 at 04:36:01PM +0000, Al Viro wrote:
> On Wed, Oct 31, 2018 at 10:38:17AM -0500, Eric W. Biederman wrote:
> > A couple of bugs that I can see quickly.  Several of which I have
> > previously reported:
> > 
> > - There is an easily triggered NULL pointer deference with open_tree
> >   and mount propagation.
> 
> What the hell?  If the fixes that went in do not handle something,
> especially if you have testcases, where the fuck have you been and
> where _are_ those testcases, while we are at it?
> 
> Eric, this is bloody ridiculous - "I have an easily triggered NULL pointer
> dereference in..., here it is" is hard to miscommunicate.  Sure, any such
> needs to be fixed.  For crying out loud, that thing has not been hidden -
> it sat in -next, it's been reposted several times...

Again, would you mind telling what exactly does the above refer to and whether
it is still true?  I'm not asking to put details in every time you mention
something of that sort, but generally one is expected to come up with those
on demand, especially if the bug _is_ easily triggered.

You, IIRC, had been Cc'd on the threads where open_tree breakage was
dealt with.  I can certainly believe that there might be something else
in that area (or any other, for that matter).  I *am* interested in finding
and fixing that and I would rather appreciate the details of what you
are seeing.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ