Re: 2.4.22-pre7: are security issues solved?

From: Herbert Xu (herbert@gondor.apana.org.au)
Date: Wed Jul 23 2003 - 04:56:47 EST

Next message: Matthias Andree: "Re: Promise SATA driver GPL'd"
Previous message: Dominik Brugger: "Re: [2.6.0-test1] ACPI slowdown"
In reply to: Aschwin Marsman: "2.4.22-pre7: are security issues solved?"
Next in thread: David S. Miller: "Re: 2.4.22-pre7: are security issues solved?"
Reply: David S. Miller: "Re: 2.4.22-pre7: are security issues solved?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Aschwin Marsman <a.marsman@aynik.com> wrote:
>
>> CAN-2003-0461: /proc/tty/driver/serial reveals the exact character counts
>> for serial links. This could be used by a local attacker to infer password
>> lengths and inter-keystroke timings during password entry.

What's the problem with exposing those counters? Are we going to restrict
access to /proc/interrupts and network interface counters too?

-- 
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Matthias Andree: "Re: Promise SATA driver GPL'd"
Previous message: Dominik Brugger: "Re: [2.6.0-test1] ACPI slowdown"
In reply to: Aschwin Marsman: "2.4.22-pre7: are security issues solved?"
Next in thread: David S. Miller: "Re: 2.4.22-pre7: are security issues solved?"
Reply: David S. Miller: "Re: 2.4.22-pre7: are security issues solved?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Wed Jul 23 2003 - 22:00:48 EST