Date: Mon, 9 Oct 2023 17:28:49 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Pedro Tammela <pctammela@...atatu.com>
Cc: markovicbudimir@...il.com, Christian Theune <ct@...ingcircus.io>,
 stable@...r.kernel.org, netdev@...r.kernel.org, Linux regressions mailing
 list <regressions@...ts.linux.dev>, davem@...emloft.net,
 edumazet@...gle.com, pabeni@...hat.com, Jamal Hadi Salim <jhs@...atatu.com>
Subject: Re: [REGRESSION] Userland interface breaks due to hard HFSC_FSC
 requirement

On Mon, 9 Oct 2023 12:31:57 -0300 Pedro Tammela wrote:
> > Herm, how did we get this far without CCing the author of the patch.
> > Adding Budimir.
> > 
> > Pedro, Budimir, any idea what the original bug was? There isn't much
> > info in the commit message.  
> 
> We had a UAF with a very straightforward way to trigger it.

Any details?

> Setting 'rt' as a parent is incorrect and the man page is explicit about 
> it as it doesn't make sense 'qdisc wise'. Being able to set it has 
> always been wrong unfortunately...

Sure but unfortunately "we don't break backward compat" means
we can't really argue. It will take us more time to debate this
than to fix it (assuming we understand the initial problem).

Frankly one can even argue whether "exploitable by root / userns"
is more important than single user's init scripts breaking.
The "security" issues for root are a dime a dozen.
