| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 08 Nov 2010 11:14:18 +0100 From: Eric Dumazet <eric.dumazet@...il.com> To: Andi Kleen <andi@...stfloor.org> Cc: David Miller <davem@...emloft.net>, drosenberg@...curity.com, chas3@...rs.sourceforge.net, tytso@....edu, torvalds@...ux-foundation.org, kuznet@....inr.ac.ru, pekkas@...core.fi, jmorris@...ei.org, yoshfuji@...ux-ipv6.org, kaber@...sh.net, remi.denis-courmont@...ia.com, netdev@...r.kernel.org, security@...nel.org Subject: Re: [Security] [SECURITY] Fix leaking of kernel heap addresses via /proc Le lundi 08 novembre 2010 à 10:43 +0100, Andi Kleen a écrit : > > When a printk() happens right before a BUG(), how are we going to check > > the dumped registers are possibly close the socket involved, if we dont > > have access to the machine, and only the crashlog ? > > Is that really something you do regularly? It seems highly obscure > to me. Yes, very regularly, I can find bugs thanks to every bit of information found in kernel logs, including code around the fault. If people now say : "I have a kernel bug, but am not able to provide you a kernel stack trace and previous printk() messages because of security. You cannot have an access to this machine, and the bug happens once in a while. Kernel version is also hidden. Please help me." Oh well, thats a challenge, maybe use this cristal ball I have somewhere in the attic ;) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists