| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20101122.211923.193717252.davem@davemloft.net> Date: Mon, 22 Nov 2010 21:19:23 -0800 (PST) From: David Miller <davem@...emloft.net> To: shemminger@...tta.com Cc: ben@...adent.org.uk, gregkh@...e.de, netdev@...r.kernel.org, devel@...verdev.osuosl.org, debian-kernel@...ts.debian.org Subject: Re: [PATCH 1/3] decnet: Move to staging From: Stephen Hemminger <shemminger@...tta.com> Date: Mon, 22 Nov 2010 20:31:31 -0800 > On Tue, 23 Nov 2010 03:51:53 +0000 > Ben Hutchings <ben@...adent.org.uk> wrote: > >> Recent review has revealed several bugs in obscure protocol >> implementations that can be exploited by local users for denial of >> service or privilege escalation. >> >> The decnet protocol (PF_DECnet) is unmaintained. Since 2.6.12-rc2 the >> only changes appear to be adjustments for net API changes and fixes >> for bugs found by inspection. >> >> This protocol generally should not be enabled by distributions, since >> the cost of a security flaw affecting all installed systems presumably >> outweighs the benefit to the few (if any) legitimate users. >> >> Signed-off-by: Ben Hutchings <ben@...adent.org.uk> > > NAK there are still users and stuff does get fixed. > If you don't like it then disable it from config. Seriously, I can't even remember a bonifides security flaw in decnet being found recently and in fact the decnet stack is very well written code. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists