Re: 2.4.22-pre7: are security issues solved?

From: Herbert Xu (
Date: Wed Jul 23 2003 - 04:56:47 EST

Aschwin Marsman <> wrote:
>> CAN-2003-0461: /proc/tty/driver/serial reveals the exact character counts
>> for serial links. This could be used by a local attacker to infer password
>> lengths and inter-keystroke timings during password entry.

What's the problem with exposing those counters? Are we going to restrict
access to /proc/interrupts and network interface counters too?

Debian GNU/Linux 3.0 is out! ( )
Email:  Herbert Xu ~{PmV>HI~} <>
Home Page:
PGP Key:
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jul 23 2003 - 22:00:48 EST