Message-ID: <YwHw4IlvxWgCrhB4@kroah.com>
Date:   Sun, 21 Aug 2022 10:46:24 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     Abhishek Shah <abhishek.shah@...umbia.edu>
Cc:     jirislaby@...nel.org, linux-kernel@...r.kernel.org,
        bjohannesmeyer@...il.com, jakobkoschel@...il.com,
        xiam0nd.tong@...il.com, Gabriel Ryan <gabe@...columbia.edu>
Subject: Re: data-race in set_console / vt_ioctl

On Fri, Aug 19, 2022 at 09:06:27AM +0200, Greg KH wrote:
> On Thu, Aug 18, 2022 at 09:17:00PM -0400, Abhishek Shah wrote:
> > Hi all,
> > 
> > We found a data race involving the *vt_dont_switch* variable. Upon further
> > investigation, we see that this racing variable controls whether the
> > callbacks will be scheduled in the console (see here
> > <https://elixir.bootlin.com/linux/v5.18-rc5/source/drivers/tty/vt/vt.c#L3032>),
> > but we are not sure of its security implications. Please let us know what
> > you think.
> 
> Again, any patch that you might have to resolve this would be great, as
> that's the easiest thing to review.

Given your lack of responses to the developers responding to your
emails, and the fact that all of your original emails were sent in html
format which was rejected by the public mailing lists so no one else
could see them, I'm going to just drop all of these reports as being
something pretty useless.

If you wish to submit future reports, please read the
Documentation/process/researcher-guidelines.rst file on how to do this
properly in a way that will be useful, and be sure to actually respond
to developers who take the time to write back to your reports.

This is not a one-way process.

thanks,

greg k-h
