Message-ID: <1496154572.941.11.camel@gmail.com>
Date: Tue, 30 May 2017 10:29:32 -0400
From: Daniel Micay <danielmicay@...il.com>
To: Florian Weimer <fweimer@...hat.com>, oss-security@...ts.openwall.com
Cc: Roee Hay <roeehay@...il.com>
Subject: Re: Linux kernel: stack buffer overflow with
 controlled payload in get_options() function

init=/bin/bash -- arguments for bash running as real root

If a memory corruption bug via a kernel line option is a vulnerability,
so is this. It's a vulnerability in the verified boot implementation if
there's attacker control over the kernel line to this extent.

Even if we're going to treat memory corruption specially, you can
corrupt memory simply via crazy configuration on the kernel command
line... that is parsed properly, but then breaks at runtime. You can
also happily disable features like rodata to make your life easier,
since... you control the kernel line. I can't understand what kind of
threat model considers these valid CVEs.
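
Added example, not part of the original message or of any project's code: a defender-side audit that parses a kernel command line and reports the overrides the message names (init=, arguments after "--", rodata disabled). The finding labels, the sample line and the set of "off" spellings are assumptions of this sketch.

```python
# Audit a kernel command line for the overrides discussed in the message.
# Assumption: these spellings are treated as "rodata disabled".
RODATA_OFF = {"off", "0", "n", "no"}

def split_cmdline(cmdline):
    """Split on whitespace, keeping double-quoted spans together."""
    params, cur, in_quote = [], "", False
    for ch in cmdline.strip():
        if ch == '"':
            in_quote = not in_quote          # quotes group, and are dropped
        elif ch.isspace() and not in_quote:
            if cur:
                params.append(cur)
            cur = ""
        else:
            cur += ch
    if cur:
        params.append(cur)
    return params

def audit(cmdline):
    """Return a list of (label, value) findings for one command line."""
    params = split_cmdline(cmdline)
    init_args = []
    if "--" in params:                       # everything after "--" goes to init
        idx = params.index("--")
        params, init_args = params[:idx], params[idx + 1:]
    findings = []
    for p in params:
        key, _, val = p.partition("=")
        key = key.replace("-", "_")          # dashes and underscores are equivalent
        if key == "init" and val:
            findings.append(("init-override", val))
        elif key == "rodata" and val.lower() in RODATA_OFF:
            findings.append(("rodata-disabled", val))
    if init_args:
        findings.append(("init-args", " ".join(init_args)))
    return findings

if __name__ == "__main__":
    # Constructed sample line; on a live Linux host read /proc/cmdline instead.
    sample = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro rodata=off init=/bin/bash -- --norc"
    for label, value in audit(sample):
        print(f"{label}: {value}")
```
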
