| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAM0EoMkKm4VcQB7p1abg9d-Pozz7fV-isexDtA1rGX+NuJEykA@mail.gmail.com> Date: Wed, 11 Oct 2023 13:27:34 -0400 From: Jamal Hadi Salim <jhs@...atatu.com> To: Jakub Kicinski <kuba@...nel.org> Cc: Pedro Tammela <pctammela@...atatu.com>, markovicbudimir@...il.com, Christian Theune <ct@...ingcircus.io>, stable@...r.kernel.org, netdev@...r.kernel.org, Linux regressions mailing list <regressions@...ts.linux.dev>, davem@...emloft.net, edumazet@...gle.com, pabeni@...hat.com Subject: Re: [REGRESSION] Userland interface breaks due to hard HFSC_FSC requirement On Tue, Oct 10, 2023 at 2:26 PM Jakub Kicinski <kuba@...nel.org> wrote: > > On Tue, 10 Oct 2023 11:02:25 -0400 Jamal Hadi Salim wrote: > > > > We had a UAF with a very straight forward way to trigger it. > > > > > > Any details? > > > > As in you want the sequence of commands that caused the fault posted? > > Budimir, lets wait for Jakub's response before you do that. I have > > those details as well of course. > > More - the sequence of events which leads to the UAF, and on what > object it occurs. If there's an embargo or some such we can wait > a little longer before discussing? > > I haven't looked at the code for more than a minute. If this is super > trivial to spot let me know, I'll stare harder. Didn't seem like the > qdisc as a whole is all that trivial. The qdisc is non-trivial. The good news is we now know there's at least one user for this qdisc ;-> cheers, jamal
Powered by blists - more mailing lists