|
Message-ID: <20130225201023.GA6537@openwall.com> Date: Tue, 26 Feb 2013 00:10:23 +0400 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[] On Mon, Feb 25, 2013 at 07:45:01PM +0100, Mathias Krause wrote: > Did you even try to run the exploit on a v3.2 kernel? Or even more > simple, looked at the code of a v3.2 kernel? No. I think my role in this discussion is to bring up the right questions and have you answer them, for others to have those answers. I hope you don't mind. :-) Personally, I don't care about this specific bug much (not relevant), but I do care about handling of Linux kernel bugs in general. While we're at it, I notice that lately many of us use "kernel" in the Subject to refer to the Linux kernel. I wonder if this little detail makes this mailing list a little less comfortable for non-Linux folks. Maybe we should put "Linux" or "Linux kernel" into the Subject on those occasions, not to discourage non-Linux discussions in here. > There is no sock_diag > anywhere in the kernel; there is only inet_diag. And inet_diag hadn't > and still does not have the out-of-bounds access issue. So no, this > bug is non-existent on a v3.2 kernel. Thanks! Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.