lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAA-qYXh27znv90bm4VosJzYM-jT-iLmPrrkMHoP53mT-72tBVw@mail.gmail.com>
Date:   Wed, 16 Feb 2022 11:03:40 +0800
From:   Jinmeng Zhou <jjjinmeng.zhou@...il.com>
To:     Eric Dumazet <eric.dumazet@...il.com>
Cc:     marcel@...tmann.org, johan.hedberg@...il.com, davem@...emloft.net,
        Jakub Kicinski <kuba@...nel.org>,
        linux-bluetooth@...r.kernel.org, netdev@...r.kernel.org,
        shenwenbosmile@...il.com
Subject: Re: 4 missing check bugs

Dear maintainers,

I double-check the newest version v5.17 and the stable version 5.16.9.
The code of the 4 functions remains the same.
Are they missing check bugs?

Thanks!


Best regards,
Jinmeng Zhou

On Wed, Feb 16, 2022 at 5:51 AM Eric Dumazet <eric.dumazet@...il.com> wrote:
>
>
> On 2/15/22 04:37, Jinmeng Zhou wrote:
> > Dear maintainers,
> >
> > Hi, our tool finds several missing check bugs on
> > Linux kernel v4.18.5 using static analysis.
> > We are looking forward to having more experts' eyes on this. Thank you!
> >
> > Before calling sk_alloc() with SOCK_RAW type,
> > there should be a permission check, ns_capable(ns,CAP_NET_RAW).
> > For example,
>
>
> v4.18 is not a stable kernel.
>
> No one is supposed to use v4.18.5, and expect others to fix bugs in it.
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ