lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20250604211148.GJ299672@ZenIV>
Date: Wed, 4 Jun 2025 22:11:48 +0100
From: Al Viro <viro@...iv.linux.org.uk>
To: Matthew Wilcox <willy@...radead.org>
Cc: Konstantin Ryabitsev <konstantin@...uxfoundation.org>,
	Jan Kara <jack@...e.cz>, Christian Brauner <brauner@...nel.org>,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	Luka <luka.2016.cs@...il.com>
Subject: Re: [Bug] possible deadlock in vfs_rmdir in Linux kernel v6.12

On Wed, Jun 04, 2025 at 09:39:20PM +0100, Matthew Wilcox wrote:
> On Wed, Jun 04, 2025 at 04:11:21PM -0400, Konstantin Ryabitsev wrote:
> > Yes, hence my question. I think it's just a bad medium. It's actually the kind
> > of thing that bugzilla is okay to use for -- create a bug with attachments and
> > report it to the list, so maybe the original author can use that instead of
> > pastebin sites?
> 
> The "author" looks to be a bot, frankly.  At best yet-another-incompetent
> user of "my modified version of syzkaller".  There's no signal here,
> would recommend just banning.

FWIW, I suspect that we ought to document that *anything* (bug reports,
patches, etc.) sent should be reachable without the need to run javascript
or any similar crap.  Not sure what would be the best place for that,
though...

Seriously, this is pretty much on the same level as "don't send me
a binary as reproducer - I'm not going to run it".  Folks on these
lists are fairly tempting as targets; betting on the sandbox quality
in chromium/firepox/whatnot...  sorry, no.

*IF* hastebin really produces crap that can't be accessed without
interpreter of some sort, just bounce any mail that contains such links
with the obvious explanation.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ