On Sun, Jul 28, 2013 at 11:24:43PM +0300, Dan Carpenter wrote:
>
> First let me say that I don't know how this code is called, it may
> be root only, but even in that case I think it's still worth
> applying my patch.

It can be called by non root users as well.

>
> These info leak problems are a well known security problem so I
> didn't put a long explanation.  What you do is you fill the stack
> with function pointers, then you call the function that leaks.  Then
> you have a potentially useful pointer which was supposed to be
> secret.  Something like that anyway.
>
> There are probably lots of other easier ways to defeat address space
> randomization.  There may be other ways you can use info leaks as
> well...
>
> Anyway, regardless, static checkers and code auditors look for these
> leaks so applying the patch makes sense just to silence a warning.
>

OK, I am convinced that it's worth applying.

Acked by Eli Cohen <eli@xxxxxxxxxxxx>
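
The class of bug discussed in this thread, shown as an added userspace illustration (not the patch under review and not code from either poster): a reply structure built on the stack and copied out whole carries whatever bytes the handler never wrote. The struct, the function names and the 0xAA marker are hypothetical, and `memcpy` stands in for the kernel's copy to user space.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STALE 0xAA               /* constructed marker for leftover stack data */

struct reply {                   /* hypothetical reply copied to the caller */
    uint32_t status;
    uint32_t reserved;           /* never assigned by the handler */
    uint64_t handle;
    char     name[16];           /* short names leave the tail unwritten */
};

typedef void (*fill_fn)(struct reply *r);

/* Leaky pattern: assigns individual fields, everything else keeps old bytes. */
void fill_leaky(struct reply *r)
{
    r->status = 0;
    r->handle = 42;
    strcpy(r->name, "ib0");
}

/* Usual fix: zero the whole object first, then fill it in. */
void fill_zeroed(struct reply *r)
{
    memset(r, 0, sizeof(*r));
    fill_leaky(r);
}

/* Returns how many stale bytes would reach the caller's buffer. */
size_t stale_bytes_copied_out(fill_fn fill)
{
    struct reply r;
    unsigned char user_buf[sizeof(r)];
    size_t i, n = 0;

    memset(&r, STALE, sizeof(r));     /* models data left by an earlier call */
    fill(&r);
    memcpy(user_buf, &r, sizeof(r));  /* stands in for copy_to_user() */
    for (i = 0; i < sizeof(user_buf); i++)
        n += (user_buf[i] == STALE);
    return n;
}

int main(void)
{
    printf("leaky:  %zu stale bytes\n", stale_bytes_copied_out(fill_leaky));
    printf("zeroed: %zu stale bytes\n", stale_bytes_copied_out(fill_zeroed));
    return 0;
}
```

In real structures, compiler padding between members is a further source of stale bytes, which is why zeroing the whole object is preferred over assigning every named field.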