On Monday 10 January 2011 16:06:58 ext Dan Carpenter, you wrote: > Dan Rosenberg pointed out that there were some signed comparison bugs > in the phonet protocol. > > http://marc.info/?l=full-disclosure&m=129424528425330&w=2 > > The problem is that we check for array overflows but "protocol" is > signed and we don't check for array underflows. If you have already > have CAP_SYS_ADMIN then you could use the bugs to get root, or someone > could cause an oops by mistake. > > Signed-off-by: Dan Carpenter <error27@xxxxxxxxx> Acked-by: Rémi Denis-Courmont <remi.denis-courmont@xxxxxxxxx> -- Rémi Denis-Courmont Nokia Devices R&D, Maemo Software, Helsinki -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html