Date: Tue, 14 Apr 2015 22:33:38 -0400 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: oss-security@...ts.openwall.com Subject: Re: Re: Problems in automatic crash analysis frameworks On 2015-04-14 08:29 PM, Michael Samuel wrote: > On 15 April 2015 at 07:08, Tavis Ormandy <taviso@...gle.com> wrote: > >>>>> import socket >>>>> socket.socket(socket.AF_UNIX, socket.SOCK_STREAM).bind('test\ntest') >>>>> sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) >>>>> sock.bind('/tmp/foo\nbar') >>>>> sock.listen(1) >> >> $ grep -A1 foo /proc/net/unix >> 0000000000000000: 00000002 00000000 00010000 0001 01 4772228 /tmp/foo >> bar > > This is a Linux kernel flaw/bug right? It's a machine-readable > newline-delimited > /proc file, so it needs to escape newlines if they're valid data. > > Regards, > Michael > That appears to have been previously brought up here: http://www.spinics.net/lists/netdev/msg320556.html Marc.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ