Date: Wed, 29 Jun 2011 17:10:30 +0400
From: Vasiliy Kulikov <segoon@...nwall.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>, oss-security@...ts.openwall.com, security@...nel.org
Subject: Re: [Security] CVE request: kernel: taskstats/procfs io infoleak (was: taskstats authorized_keys presence infoleak PoC)

On Wed, Jun 29, 2011 at 15:11 +0400, Vasiliy Kulikov wrote:
> 2) as you say here:
>
> READ = CONST + SENSITIVE + CONTROLLABLE
>
> If CONST is known and CONTROLLABLE is controlled by an attacker then he
> may find C1 and C1+1 generating X kb - 1 and (X+1) kb traffic,

(X+1) kb - 1 and (X+1) kb of course, they are rounded to X and X+1 kbs,
respectively.

> respectively, revealing len(SENSITIVE).

--
Vasiliy Kulikov
http://www.openwall.com - bringing security into open computing environments
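
An added illustration, not part of the original message: a toy model of the relation quoted above, showing why reporting the counter only in whole KB does not hide len(SENSITIVE) once CONTROLLABLE can be varied byte by byte. Floor rounding, the CONST value of 300 and all function names are assumptions made for this example.

```python
KB = 1024

def reported_kb(const, sensitive_len, controllable):
    """Observer's view: READ = CONST + SENSITIVE + CONTROLLABLE bytes,
    reported only in whole KB (floor rounding is an assumption here)."""
    return (const + sensitive_len + controllable) // KB

def single_reading_bounds(reading_kb, const):
    """What one rounded reading with CONTROLLABLE = 0 reveals:
    a window of up to KB possible lengths, clipped at zero."""
    low = max(0, reading_kb * KB - const)
    high = (reading_kb + 1) * KB - 1 - const
    return low, high

def recover_sensitive_len(oracle, const):
    """oracle(c) returns the rounded reading for CONTROLLABLE = c.
    Adding KB bytes always raises the reading, so the smallest c in
    [1, KB] that raises it puts READ exactly on a KB boundary."""
    base = oracle(0)
    lo, hi = 1, KB
    while lo < hi:                      # binary search for the step
        mid = (lo + hi) // 2
        if oracle(mid) > base:
            hi = mid
        else:
            lo = mid + 1
    # At this point: const + sensitive + lo == (base + 1) * KB
    return (base + 1) * KB - const - lo

def demo(sensitive_len, const=300):     # constructed sample values
    queries = []
    def oracle(c):
        queries.append(c)
        return reported_kb(const, sensitive_len, c)
    first = reported_kb(const, sensitive_len, 0)
    window = single_reading_bounds(first, const)
    return window, recover_sensitive_len(oracle, const), len(queries)

if __name__ == "__main__":
    window, exact, n = demo(395)
    print(f"one reading: {window[0]}..{window[1]} bytes; "
          f"{n} readings: exactly {exact} bytes")
```

In this model one reading leaves a window of several hundred candidate lengths, while eleven readings leave none, so the rounding granularity only changes how many readings are needed.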