On Mon, Apr 29, 2013 at 06:37:24PM -0700, Greg Kroah-Hartman wrote:
> On Mon, Apr 29, 2013 at 05:36:40PM -0700, Simon Kirby wrote:
> > On Mon, Apr 29, 2013 at 05:21:17PM -0700, Greg Kroah-Hartman wrote:
> >
> > > On Mon, Apr 29, 2013 at 05:14:45PM -0700, Simon Kirby wrote:
> > > > On Mon, Apr 29, 2013 at 12:01:44PM -0700, Greg Kroah-Hartman wrote:
> > > >
> > > > > 3.8-stable review patch. If anyone has any objections, please let me know.
> > > >
> > > > I object. This breaks functionality I use every day (seeing who else is
> > > > working on stuff with "w").
> > > >
> > > > Furthermore, the patch does not actually fix the hole referenced (see
> > > > ptmx-keystroke-latency.c on http://vladz.devzero.fr/013_ptmx-timing.php).
> > > > I can still reproduce the timing capture even with this patch applied
> > > > (in 3.9-rc8).
> > >
> > > How? There are no keystrokes being reported to other users, or did we
> > > miss something with this patch?
> >
> > wget http://vladz.devzero.fr/svn/codes/PoC/ptmx-keystroke-latency.c
> > gcc -o ptmx-keystroke-latency ptmx-keystroke-latency.c
> > ./ptmx-keystroke-latency
> >
> > Log in to another tty, as another user. See keystroke timing. 3.9-rc8.
> >
> > Seems like it was missed. Meanwhile, idle times in "w" do not update.
>
> Ah, it's using inotify on the /dev/ptmx device. Jiri, your change
> really doesn't affect that at all :(
>
> Simon, you mention a grsec change somewhere that addresses this issue.
> Any hints on where that would be?

Yes, see Jiri's comments in the original patch (b0de59b5733d):

http://vladz.devzero.fr/013_ptmx-timing.php

The grsec patch is linked from there:

http://grsecurity.net/~spender/sidechannel.diff

Simon-