|
Message-ID: <Pine.GSO.4.51.0810141450350.1682@faron.mitre.org> Date: Tue, 14 Oct 2008 14:51:16 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: kernel: don't allow splice() to files opened with O_APPEND On Mon, 13 Oct 2008, Eugene Teo wrote: > "[PATCH] Don't allow splice() to files opened with O_APPEND > > But Miklos convinced me that we should at least give it some thought, > and that accepting writes at arbitrary offsets is wrong at least for > IS_APPEND() files (which always have O_APPEND set, even if the reverse > isn't true: you can obviously have O_APPEND set on a regular file). Use CVE-2008-4554, to be filled in later. - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.