Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.51.0812171055580.17008@faron.mitre.org>
Date: Wed, 17 Dec 2008 10:56:49 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
cc: Eugene Teo <eugeneteo@...nel.sg>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: Re: CVE request: kernel: applicom: fix an unchecked
 user ioctl range


On Wed, 17 Dec 2008, Marcus Meissner wrote:

> I guess the accessibility very much depends on the /dev/ac* device
> permissions here. For a multiport serial card I guess root/tty only.

If there are any realistic situations under which /dev/ac* might have less
stringent permissions, then that's good enough for inclusion - either the
default configuration, a common configuration, recommended vendor
practice, etc.

- Steve

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.