 Home |
Products |
Support |
Community |
News |
xen-devel
Re: [Xen-devel] [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3
| To: | Shaun Reitan <mailinglists@xxxxxxxxxxxxxxxx>, <xen-devel@xxxxxxxxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [Xen-devel] [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3547 |
| From: | Keir Fraser <keir@xxxxxxx> |
| Date: | Mon, 22 Nov 2010 19:24:18 +0000 |
| Cc: | |
| Delivery-date: | Mon, 22 Nov 2010 11:25:21 -0800 |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:user-agent:date :subject:from:to:message-id:thread-topic:thread-index:in-reply-to :mime-version:content-type:content-transfer-encoding; bh=AImRxt2wr8ctTMqLo6Fsi1M+48xVc51D8tY/hFyDGHc=; b=pc8kZKb9WgKiSavqGavbTZXiKvgm+Jyz1PtO4/yuYCjys5WvYuNQHCkkS7/EwCQ4cE p4Kd8NwlvcFchRtRSlApwpbdJKuwfWwAGcIgRV6e5Jm019HV4jaYiqM6Ni2UGtkylvCC AZzx8QFplDh+vQWp9VbYWKDcL8Qi3eNr6fo7Q= |
| Domainkey-signature: | a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:user-agent:date:subject:from:to:message-id:thread-topic :thread-index:in-reply-to:mime-version:content-type :content-transfer-encoding; b=FR/OAd52c7pXwELA9bkGZR2X8MuxBtV5G8yA8L3UBkXkIURaV2qzhZuNsqrI+0lM3d 88tn/BWU3ftYdurMqcuWgVYOBQOUAHMCyuO+kLt6MK7S9OH5+sXWPJDHsXH7LucmqKZL kBs1Oug03p3OwltPKLLyCaVoY/mY5jzrytTEQ= |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <ice5lo$pkr$1@xxxxxxxxxxxxxxx> |
| List-help: | <mailto:xen-devel-request@lists.xensource.com?subject=help> |
| List-id: | Xen developer discussion <xen-devel.lists.xensource.com> |
| List-post: | <mailto:xen-devel@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe> |
| Sender: | xen-devel-bounces@xxxxxxxxxxxxxxxxxxx |
| Thread-index: | AcuKettLorl/5UWwIUurcvFqa1+4Dg== |
| Thread-topic: | [Xen-devel] [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3547 |
| User-agent: | Microsoft-Entourage/12.27.0.100910 |
On 22/11/2010 16:27, "Shaun Reitan" <mailinglists@xxxxxxxxxxxxxxxx> wrote: > We've been applying this patch since the fix was discovered but i just > realized yesterday when building a new kernel that the Xen kernel does > not have this fix applied yet. > > I also have verified that this exploit works to gain root access on the > current http://xenbits.xensource.com/linux-2.6.18-xen.hg branch It has to be said, very clearly, that our 2.6.18 tree is only really of use now as a repository of Xen patches for vendors to pull into their own, *properly maintained and secured* kernels. We are very interested in fixing Xen-related security issues in our 2.6.18 tree (precisely because others use it as a repository of good Xen patches). We are less interested in general kernel fixes, although of course as a matter of good form we will consider a security fix such as you propose. However, the patch you supplied does not apply to the 2.6.18 tree. Thanks, Keir _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-devel] [xen-unstable test] 2767: all pass - PUSHED, xen . org |
|---|---|
| Next by Date: | [Xen-devel] Re: linux-next: manual merge of the xen tree with Linus' tree, Jeremy Fitzhardinge |
| Previous by Thread: | [Xen-devel] [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3547, Shaun Reitan |
| Next by Thread: | [Xen-devel] Re: [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3547, Shaun Reitan |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
