Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 29 Jun 2011 21:35:19 +0400
From: Vasiliy Kulikov <>
To: Linus Torvalds <>
Cc: Andrew Morton <>,,
Subject: Re: [Security] CVE request: kernel: taskstats/procfs io infoleak
 (was: taskstats authorized_keys presence infoleak PoC)

On Wed, Jun 29, 2011 at 10:32 -0700, Linus Torvalds wrote:
> On Wed, Jun 29, 2011 at 10:21 AM, Vasiliy Kulikov <> wrote:
> >
> > So, with rounded read_characters value it's possible to learn privkey
> > length.
> Umm. You can trivially figure that out from the public key lenth
> already, can't you?

No, the attacker here have no information about the key at all.  It
tries to authorize with a random key and a random password.

Vasiliy Kulikov - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ