Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 29 May 2014 18:34:16 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: Re: CVE request: Linux kernel DoS with syscall
 auditing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+-- On Wed, 28 May 2014, Andy Lutomirski wrote --+
| # auditctl -a exit,always -S open
| No privilege whatsoever is required to trigger the OOPS.

  I don't mean to nitpick but privileges would be required to add system call 
audit rules using auditctl(8). Mentioning it here as that's a precondition to 
trigger the said OOPS.

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJThzBQAAoJEN0TPTL+WwQfM8wP/i4S9d5veuZ1n8YZDP9baTJs
vrBRy0t82/emDthALbI0laWB1vSK2VepckMzl65fmlm9bDveKADTvjjijdEvbxoR
KerSYoqIoMrZpbACGDyr8y0YIen39QiJhXdgHWukCJu6KxhQpgA5MlF6V4HEvYG/
d4wllITmxhihlQmdoq9HmCSkMxrWOAWiWkHxR+5XD4pNgUGtXMMzg1oadS1WQ4UK
t8K3ScEyo58FUsz5QiJtLcKC5X+KFlmKpf7uJgkFGWjWOiEj/O+p4n5aKyv6isBC
Jo967Gn1sN07VCcGZB60szliT8Fr57m4SETtadzNBnaInk4EXhmglMYi0suyHgPS
BuLVhf00zVT2QSLE1YFONQxjrZYaF2LatjKySZ0tegEYTv1LBWCpUW+5sIZQBHa/
2pxFbPi4TpfCckW/mP2gmElopv+rYHzkI4XrAxdKo91kZlFNM192n1LpthWcCQ5V
EPT8iUt0wHhUoC9d2PxP1oQvSPpyUGLghSupOFBOW1Tm5aBpt0dP0BzXtGZl2qHc
c+2cwpj3INQfIKdEwQsev8YscjxDrReBRK57fyKr9xKvhkNd2uRMjeSjS30tCIEw
obgeJbPZNts/nMiKgb7SM3vXaJpHVxvOa8yW4hl/GaRYb3Gurjv7Z27iHiQa9utb
3/jZ68Ww1yfp/28Ng4jw
=df0E
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ