Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 25 Dec 2011 05:53:26 +0800
From: Eugene Teo <eteo@...hat.com>
To: kseifried@...hat.com
CC: oss-security@...ts.openwall.com, Moritz Muehlenhoff <jmm@...ian.org>,
        Vasiliy Kulikov <segoon@...nwall.com>
Subject: Re: Status of two Linux kernel issues w/o CVE assignments

>> 2: /proc/$PID/{sched,schedstat} information leak
>> Vasiliy Kulikov of OpenWall posted a demo exploit.
>> http://openwall.com/lists/oss-security/2011/11/05/3
>>
>> AFAICS no CVE ID was assigned to this?
> 
> I believe we are not assigning CVE's for these types of proc related
> issues, some discussion was had:
> 
> https://lkml.org/lkml/2011/2/7/368
> 
> http://www.google.com/custom?domains=lkml.org&q=%2Fproc%2F+leaks
> 
> but I'm not sure what the outcome is. CC'ing Eugene Teo.

IIRC, it's an issue but there's no resolution as existing code may break.

There are also,
/proc/{interrupts, stat}
https://lkml.org/lkml/2011/11/7/340

/dev/pts/, /dev/tty*
https://lkml.org/lkml/2011/11/7/355

I have not checked the status of these issues. Vasiliy, kindly shed some
light.

Happy holidays.

Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.