Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 29 May 2014 18:34:16 +0530 (IST)
From: P J P <ppandit@...hat.com>
To: oss security list <oss-security@...ts.openwall.com>
Subject: Re: CVE request: Linux kernel DoS with syscall
 auditing

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+-- On Wed, 28 May 2014, Andy Lutomirski wrote --+
| # auditctl -a exit,always -S open
| No privilege whatsoever is required to trigger the OOPS.

  I don't mean to nitpick but privileges would be required to add system call 
audit rules using auditctl(8). Mentioning it here as that's a precondition to 
trigger the said OOPS.

Thank you.
- --
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJThzBQAAoJEN0TPTL+WwQfM8wP/i4S9d5veuZ1n8YZDP9baTJs
vrBRy0t82/emDthALbI0laWB1vSK2VepckMzl65fmlm9bDveKADTvjjijdEvbxoR
KerSYoqIoMrZpbACGDyr8y0YIen39QiJhXdgHWukCJu6KxhQpgA5MlF6V4HEvYG/
d4wllITmxhihlQmdoq9HmCSkMxrWOAWiWkHxR+5XD4pNgUGtXMMzg1oadS1WQ4UK
t8K3ScEyo58FUsz5QiJtLcKC5X+KFlmKpf7uJgkFGWjWOiEj/O+p4n5aKyv6isBC
Jo967Gn1sN07VCcGZB60szliT8Fr57m4SETtadzNBnaInk4EXhmglMYi0suyHgPS
BuLVhf00zVT2QSLE1YFONQxjrZYaF2LatjKySZ0tegEYTv1LBWCpUW+5sIZQBHa/
2pxFbPi4TpfCckW/mP2gmElopv+rYHzkI4XrAxdKo91kZlFNM192n1LpthWcCQ5V
EPT8iUt0wHhUoC9d2PxP1oQvSPpyUGLghSupOFBOW1Tm5aBpt0dP0BzXtGZl2qHc
c+2cwpj3INQfIKdEwQsev8YscjxDrReBRK57fyKr9xKvhkNd2uRMjeSjS30tCIEw
obgeJbPZNts/nMiKgb7SM3vXaJpHVxvOa8yW4hl/GaRYb3Gurjv7Z27iHiQa9utb
3/jZ68Ww1yfp/28Ng4jw
=df0E
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.