Re: [PATCH] tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Dec 17, 2018 at 08:42:38PM +0100, Loic wrote:
> Le 2018-12-17 09:19, Greg KH a écrit :
> > On Sun, Dec 16, 2018 at 09:08:20PM +0100, Loic wrote:
> > > Le 2018-12-16 20:27, Steven Rostedt a écrit :
> > > > On Sun, 16 Dec 2018 09:52:33 +0100
> > > > Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > > >
> > > > > On Sat, Dec 15, 2018 at 06:25:37PM +0100, Loic wrote:
> > > > > > Hello,
> > > > > >
> > > > > > Please picked up this patch for linux 4.4 and 4.9.
> > > > > > This fixes CVE-2017-0605 (Rejected?). Tested in Debian ;)
> > > > >
> > > > > It was rejected as a CVE for a good reason, and that reason is also
> > > > > why
> > > > > I refused to add it to the stable kernel releases.  In short, this is
> > > > > not an issue or bug at all, there is nothing wrong with the existing
> > > > > code.
> > > > >
> > > >
> > > > I'm starting to regret that I ever accepted the original patch :-(
> > > >
> > > > -- Steve
> > > 
> > > Okay, I hadn't looked at the previous conversations because this
> > > change is
> > > in the upstream and in debian...
> > 
> > Upstream is fine, it's a valid change so that people don't keep sending
> > the crazy patch over and over.
> > 
> > Debian is just cargo-culting the thing and should probably drop it as it
> > keeps coming back to me every 3 months or so, and I have to reject it
> > again :(
> > 
> > thanks,
> > 
> > greg k-h
> 
> Why didn't you follow the upstream or add a comment "no change for fake
> CVE-2017-0605" to break the debian patch ?

How can I change upstream?  The commit can not be changed once it is
merged.

greg k-h



[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux