On Tuesday 11 January 2011 02:06:20 ext David Miller, you wrote: > From: Dan Carpenter <error27@xxxxxxxxx> > Date: Mon, 10 Jan 2011 17:06:58 +0300 > > > Dan Rosenberg pointed out that there were some signed comparison bugs > > in the phonet protocol. > > > > http://marc.info/?l=full-disclosure&m=129424528425330&w=2 > > > > The problem is that we check for array overflows but "protocol" is > > signed and we don't check for array underflows. If you have already > > have CAP_SYS_ADMIN then you could use the bugs to get root, or someone > > could cause an oops by mistake. > > > > Signed-off-by: Dan Carpenter <error27@xxxxxxxxx> > > Applied. Shouldn't this be sent to stable trees? -- Rémi Denis-Courmont Nokia Devices R&D, Maemo Software, Helsinki -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
