| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 21 Aug 2022 10:46:24 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: Abhishek Shah <abhishek.shah@...umbia.edu>
Cc: jirislaby@...nel.org, linux-kernel@...r.kernel.org,
bjohannesmeyer@...il.com, jakobkoschel@...il.com,
xiam0nd.tong@...il.com, Gabriel Ryan <gabe@...columbia.edu>
Subject: Re: data-race in set_console / vt_ioctl
On Fri, Aug 19, 2022 at 09:06:27AM +0200, Greg KH wrote:
> On Thu, Aug 18, 2022 at 09:17:00PM -0400, Abhishek Shah wrote:
> > Hi all,
> >
> > We found a data race involving the *vt_dont_switch* variable. Upon further
> > investigation, we see that this racing variable controls whether the
> > callbacks will be scheduled in the console (see here
> > <https://elixir.bootlin.com/linux/v5.18-rc5/source/drivers/tty/vt/vt.c#L3032>),
> > but we are not sure of its security implications. Please let us know what
> > you think.
>
> Again, any patch that you might have to resolve this would be great, as
> that's the easiest thing to review.
Given the your lack of responses to the developer's responding to your
emails, and the fact that all of your original emails were sent in html
format which was rejected by the public mailing lists so no one else
could see them, I'm going to just drop all of these reports as being
something pretty useless.
If you wish to submit future reports, please read the
Documentation/process/researcher-guidelines.rst file on how to do this
properly in a way that will be useful, and be sure to actually respond
to developers who take the time to write back to your reports.
This is not a one-way process.
thanks,
greg k-h
Powered by blists - more mailing lists