Re: Proper procedure for reporting possible security vulnerabilities?

From: Barry K. Nathan
Date: Mon Jan 10 2005 - 21:25:39 EST

Next message: Nishanth Aravamudan: "[UPDATE PATCH] block/pt: replace pt_sleep() with msleep()/ssleep()"
Previous message: James Cleverdon: "Re: 256 apic id for amd64"
In reply to: linux-os: "Re: Proper procedure for reporting possible security vulnerabilities?"
Next in thread: Alan Cox: "Re: Proper procedure for reporting possible securityvulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 10, 2005 at 05:09:18PM -0500, linux-os wrote:
> Are you sure it's an exploit? My information was that grsecurity
> wanted some of their 'hooks' added to recent kernels and it hasn't
> happened. That's not a security problem, that's an application
> problem.

Yes, exploit (although the severity is arguable). See the 2.6.10-ac7
portion of the changelog here:
http://marc.theaimsgroup.com/?l=linux-kernel&m=110523047925271&w=2

-Barry K. Nathan <barryn@xxxxxxxxx>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nishanth Aravamudan: "[UPDATE PATCH] block/pt: replace pt_sleep() with msleep()/ssleep()"
Previous message: James Cleverdon: "Re: 256 apic id for amd64"
In reply to: linux-os: "Re: Proper procedure for reporting possible security vulnerabilities?"
Next in thread: Alan Cox: "Re: Proper procedure for reporting possible securityvulnerabilities?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]