Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 28 Feb 2013 00:24:09 +0100
From: "Jason A. Donenfeld" <Jason@...c4.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request - Linux kernel: VFAT slab-based buffer overflow

On Thu, Feb 28, 2013 at 12:07 AM, Greg KH <greg@...ah.com> wrote:
> Really?  Ok then, please go ahead and try doing this yourself if you
> feel it is so "obvious" to do.

I did yesterday, actually. I saw some commit that said "use after
free!", saw that it was triggerable by an unpriv'd user, and sent it
into the list. Kurt took a look at it, agreed with the assessment, and
assigned a CVE. The commit itself said "use after free" -- I didn't
even have to do any heavy lifting or hair-splitting investigation.


>> Kernel developers are super smart -- some of the brightest guys out
>> there.
>
> Nope, we are dumb, we do uninteresting, boring work, dealing with broken
> hardware and demanding users every day.  If we were smarter, we wouldn't
> be doing this type of thing.

Come on...

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.