lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Sun, 01 Mar 2009 21:28:57 -0800 (PST)
From:	David Miller <davem@...emloft.net>
To:	kyle@...radead.org
Cc:	cebbert@...hat.com, netdev@...r.kernel.org
Subject: Re: oops / null deref in __inet6_check_established(), kernel
 2.6.29-rc6

From: Kyle McMartin <kyle@...radead.org>
Date: Mon, 2 Mar 2009 00:09:19 -0500

> On Fri, Feb 27, 2009 at 10:16:18PM -0500, Kyle McMartin wrote:
> > This only seems to show up when CONFIG_NET_NS is enabled. (Reproduced on
> > git HEAD with that option on, doesn't occur with the option off.)
> > 
> > I will confess complete ignorance to the network stack, but this patch
> > fixes things... ipv4 seems to have the same namespace support, but
> > increments the sock_net, not the twsk_net.
> > 
> > I'll probably put this patch into Fedora, if only to prevent this from
> > being used as a local DoS by an unprivileged user.
> > 
> > Signed-off-by: Kyle McMartin <kyle@...hat.com>
> > 
> 
> Any thoughts? This is a pretty serious issue... Granted we should
> probably just turn CONFIG_NET_NS off entirely, since it's
> underdocumented and should be explicitly labelled as experimental
> instead of just depending on it...

It's in my queue, I just haven't gotten to it yet.

Serious issue or not you have to be patient.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists