Date: Thu, 6 Jan 2011 12:54:22 -0500
From: Michael Gilbert <michael.s.gilbert@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-NONE kernel: PHONET signedness issue

On Thu, 06 Jan 2011 13:20:49 +0800, Eugene Teo wrote:
> re: http://seclists.org/fulldisclosure/2011/Jan/39
>
> Just in case someone tries to request a CVE name for this, I'm not
> requesting for one because if you need CAP_SYS_ADMIN capability to
> exploit this, you are already privileged.

Right, but CAP_SYS_ADMIN != root, or at least it isn't meant to be. I
mean if CAP_SYS_ADMIN == root, then one or the other doesn't need to
exist. There is an exposure here, and for that it deserves a CVE
identifier (of course in my opinion).

See Brad Spengler's recent write-up. There should be some effort
toward making those 21 root-equivalent capabilities discussed there
non-equivalent.

Best wishes,
Mike

http://forums.grsecurity.net/viewtopic.php?f=7&t=2522
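
The distinction drawn in the message above, as an added audit example that is not part of the original post: it decodes the `CapEff` mask from `/proc/<pid>/status` text and lists processes that hold CAP_SYS_ADMIN without running as uid 0. The status excerpts and process names are constructed; bit 21 for CAP_SYS_ADMIN is taken from `linux/capability.h`.

```python
CAP_SYS_ADMIN = 21  # capability bit number, per linux/capability.h

# Constructed /proc/<pid>/status excerpts (hypothetical processes, not real captures).
SAMPLE_STATUS = {
    "init": "Name:\tinit\nUid:\t0\t0\t0\t0\nCapEff:\tffffffffffffffff\n",
    "netdaemon": "Name:\tnetdaemon\nUid:\t1001\t1001\t1001\t1001\n"
                 "CapEff:\t0000000000200000\n",
    "bash": "Name:\tbash\nUid:\t1000\t1000\t1000\t1000\n"
            "CapEff:\t0000000000000000\n",
}


def parse_status(text):
    """Return (effective_uid, effective_capability_mask) from status text."""
    fields = dict(line.split(":", 1) for line in text.splitlines() if ":" in line)
    # Uid line order is: real, effective, saved, filesystem.
    euid = int(fields["Uid"].split()[1])
    cap_eff = int(fields["CapEff"].strip(), 16)
    return euid, cap_eff


def has_cap(mask, cap):
    """True if capability bit `cap` is set in the hex mask."""
    return bool((mask >> cap) & 1)


def nonroot_sys_admin(statuses):
    """Names of processes holding CAP_SYS_ADMIN while not running as uid 0."""
    flagged = []
    for name, text in statuses.items():
        euid, cap_eff = parse_status(text)
        if euid != 0 and has_cap(cap_eff, CAP_SYS_ADMIN):
            flagged.append(name)
    return sorted(flagged)


if __name__ == "__main__":
    for name in nonroot_sys_admin(SAMPLE_STATUS):
        print(f"{name}: CAP_SYS_ADMIN held by a non-root process")
```

On a live system the same functions can be fed the contents of each `/proc/<pid>/status` file instead of the constructed samples.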