| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20101106.165703.193714684.davem@davemloft.net> Date: Sat, 06 Nov 2010 16:57:03 -0700 (PDT) From: David Miller <davem@...emloft.net> To: torvalds@...ux-foundation.org Cc: drosenberg@...curity.com, chas@....nrl.navy.mil, kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net, remi.denis-courmont@...ia.com, netdev@...r.kernel.org, security@...nel.org Subject: Re: [Security] [SECURITY] Fix leaking of kernel heap addresses via /proc From: Linus Torvalds <torvalds@...ux-foundation.org> Date: Sat, 6 Nov 2010 13:50:32 -0700 > On Saturday, November 6, 2010, Dan Rosenberg <drosenberg@...curity.com> wrote: >> >> Clearly, in most cases we cannot just remove the field from the /proc >> output, as this would break a number of userspace programs that rely on >> consistency. However, I propose that we replace the address with a "0" >> rather than leaking this information. > > I really think it would be much better to use the unidentified number > or similar. > > Just replacing with zeroes is annoying, and has the potential of > losing actual information. I would really like to see the specific examples of where this is happening, it sounds like something very silly to me. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists