|
Message-ID: <CAHmME9phWpgdqeHmGKPZ3hW8rR293Z5xo2b8x=roKT01euoUUw@mail.gmail.com> Date: Thu, 28 Feb 2013 00:24:09 +0100 From: "Jason A. Donenfeld" <Jason@...c4.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request - Linux kernel: VFAT slab-based buffer overflow On Thu, Feb 28, 2013 at 12:07 AM, Greg KH <greg@...ah.com> wrote: > Really? Ok then, please go ahead and try doing this yourself if you > feel it is so "obvious" to do. I did yesterday, actually. I saw some commit that said "use after free!", saw that it was triggerable by an unpriv'd user, and sent it into the list. Kurt took a look at it, agreed with the assessment, and assigned a CVE. The commit itself said "use after free" -- I didn't even have to do any heavy lifting or hair-splitting investigation. >> Kernel developers are super smart -- some of the brightest guys out >> there. > > Nope, we are dumb, we do uninteresting, boring work, dealing with broken > hardware and demanding users every day. If we were smarter, we wouldn't > be doing this type of thing. Come on...
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.