Date: Wed, 23 Feb 2011 11:26:18 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: Josh Bressers <bressers@...hat.com>,
 "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: a collection of world-writable debugfs bugs

On 02/22/2011 09:01 PM, Josh Bressers wrote:
> Do we know the affected versions? This probably won't be 20 IDs,
> but I suspect it won't be one either.

Just some, not all, since not all the patches listed here affect Red Hat
and I do not think I want to go through them again. Other vendors
affected by these can provide their inputs.

I read some interesting discussions on LKML. These require debugfs to be
mounted on a local system. It is usually not mounted by default, and you
would not want to mount it on a production system unless you really have
to use the kernel tracer, etc.

----- Original Message -----
> > There are 20 patches here - some are accepted, some are probably
> > pending. All from Vasiliy Kulikov.
> >
> > [PATCH 01/20] mach-omap2: mux: world-writable debugfs files
> > https://lkml.org/lkml/2011/2/4/66

arm arch

> >
> > [PATCH 02/20] mach-omap2: pm: world-writable debugfs timer files
> > https://lkml.org/lkml/2011/2/4/67

arm arch

> >
> > [PATCH 03/20] mach-omap2: smartreflex: world-writable debugfs voltage
> > files
> > https://lkml.org/lkml/2011/2/4/68

arm arch

> >
> > [PATCH 04/20] mach-ux500: mbox-db5500: world-writable sysfs fifo file
> > https://lkml.org/lkml/2011/2/4/69

arm arch

> >
> > [PATCH 05/20] leds: lp5521: world-writable sysfs engine* files
> > https://lkml.org/lkml/2011/2/4/70
> >
> > [PATCH 06/20] leds: lp5523: world-writable engine* sysfs files
> > https://lkml.org/lkml/2011/2/4/81
> >
> > [PATCH 07/20] video: sn9c102: world-wirtable sysfs files
> > https://lkml.org/lkml/2011/2/4/85
> >
> > [PATCH 08/20] mfd: ab3100: world-writable debugfs *_priv files
> > https://lkml.org/lkml/2011/2/4/82
> >
> > [PATCH 09/20] mfd: ab3500: world-writable debugfs register-* files
> > https://lkml.org/lkml/2011/2/4/84

introduced in 09bcb3f3 v2.6.35-rc1

> > [PATCH 10/20] mfd: ab8500: world-writable debugfs register-* files
> > https://lkml.org/lkml/2011/2/4/71

introduced in 5814fc35 v2.6.37-rc1

> > [PATCH 11/20] misc: ep93xx_pwm: world-writable sysfs files
> > https://lkml.org/lkml/2011/2/4/83
> >
> > [PATCH 12/20] net: can: at91_can: world-writable sysfs files
> > https://lkml.org/lkml/2011/2/4/80
> > fef52b0171dfd7dd9b85c9cc201bd433b42a8ded

introduced in 3a5655a5 v2.6.38-rc3

> > [PATCH 13/20] net: can: janz-ican3: world-writable sysfs termination
> > file
> > https://lkml.org/lkml/2011/2/4/72
> > 1e6d93e45b231b3ae87c01902ede2315aacfe976
> >
> > [PATCH 14/20] platform: x86: acer-wmi: world-writable sysfs threeg
> > file
> > https://lkml.org/lkml/2011/2/4/79
> > b80b168f918bba4b847e884492415546b340e19d
> >
> > [PATCH 15/20] platform: x86: asus_acpi: world-writable procfs files
> > https://lkml.org/lkml/2011/2/4/73
> > 8040835760adf0ef66876c063d47f79f015fb55d
> >
> > [PATCH 16/20] platform: x86: tc1100-wmi: world-writable sysfs wireless
> > and jogdial files
> > https://lkml.org/lkml/2011/2/4/78
> > 8a6a142c1286797978e4db266d22875a5f424897
> >
> > [PATCH 17/20] rtc: rtc-ds1511: world-writable sysfs nvram file
> > https://lkml.org/lkml/2011/2/4/74
> >
> > [PATCH 18/20] scsi: aic94xx: world-writable sysfs update_bios file
> > https://lkml.org/lkml/2011/2/4/75
> >
> > [PATCH 19/20] scsi: iscsi: world-writable sysfs priv_sess file
> > https://lkml.org/lkml/2011/2/4/76

introduced in fe4f0bde v2.6.36-rc1

> > [PATCH 20/20] fs: ubifs: world-writable debugfs dump_* files
> > https://lkml.org/lkml/2011/2/4/77

-- 
Eugene Teo / Red Hat Security Response Team
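
An added example, not part of the original message or of the kernel patches it lists: a Python audit that parses /proc/mounts to see whether debugfs, sysfs and procfs are mounted (the precondition mentioned in the message) and lists regular files under those mount points that carry the world-writable bit. The function names are this example's own.

```python
import os
import stat

PSEUDO_FS = {"debugfs", "sysfs", "proc"}

def pseudo_fs_mounts(mounts_text):
    """Parse /proc/mounts-style text; return [(fstype, mountpoint)] for PSEUDO_FS."""
    found = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] in PSEUDO_FS:
            # /proc/mounts escapes spaces in mount points as \040
            found.append((fields[2], fields[1].replace("\\040", " ")))
    return found

def world_writable_files(root):
    """Return sorted paths of regular files under root with the o+w mode bit set."""
    hits = []
    # os.walk does not follow symlinks by default, which avoids sysfs link loops
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or cannot be inspected
            if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_IWOTH:
                hits.append(path)
    return sorted(hits)

def audit(mounts_text):
    """Map each mounted pseudo-filesystem mount point to its world-writable files."""
    return {mp: world_writable_files(mp) for _fs, mp in pseudo_fs_mounts(mounts_text)}

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        text = fh.read()
    if not any(fs == "debugfs" for fs, _mp in pseudo_fs_mounts(text)):
        print("debugfs is not mounted")
    for mountpoint, paths in audit(text).items():
        print(f"{mountpoint}: {len(paths)} world-writable file(s)")
        for p in paths:
            print("  " + p)
```

Some procfs and sysfs entries are world-writable by design, so the output is a list to review against the driver in question, not a list of confirmed bugs.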