Date: Tue, 30 May 2017 10:29:32 -0400 From: Daniel Micay <danielmicay@...il.com> To: Florian Weimer <fweimer@...hat.com>, oss-security@...ts.openwall.com Cc: Roee Hay <roeehay@...il.com> Subject: Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function init=/bin/bash -- arguments for bash running as real root If a memory corruption bug via a kernel line option is a vulnerability, so is this. It's a vulnerability in the verified boot implementation if there's attacker control over the kernel line to this extent. Even if we're going to treat memory corruption specially, you can corrupt memory simply via crazy configuration on the kernel command line... that is parsed properly, but then breaks at runtime. You can also happily disable features like rodata to make your life easier, since... you control the kernel line. I can't understand what kind of threat model considers these valid CVEs.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.