Date: Tue, 26 Feb 2013 00:10:23 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]

On Mon, Feb 25, 2013 at 07:45:01PM +0100, Mathias Krause wrote:
> Did you even try to run the exploit on a v3.2 kernel? Or even more
> simple, looked at the code of a v3.2 kernel?

No.  I think my role in this discussion is to bring up the right
questions and have you answer them, for others to have those answers.
I hope you don't mind. :-)  Personally, I don't care about this specific
bug much (not relevant), but I do care about handling of Linux kernel
bugs in general.

While we're at it, I notice that lately many of us use "kernel" in the
Subject to refer to the Linux kernel.  I wonder if this little detail
makes this mailing list a little less comfortable for non-Linux folks.
Maybe we should put "Linux" or "Linux kernel" into the Subject on those
occasions, not to discourage non-Linux discussions in here.

> There is no sock_diag
> anywhere in the kernel; there is only inet_diag. And inet_diag hadn't
> and still does not have the out-of-bounds access issue. So no, this
> bug is non-existent on a v3.2 kernel.

Thanks!

Alexander
