Re: CAN-2003-0018 vs 2.6?

From: Andrew Morton
Date: Mon Mar 29 2004 - 13:53:17 EST

Next message: Marc Giger: "Re: status of Linux on Alpha?"
Previous message: Dipankar Sarma: "route cache DoS testing and softirqs"
In reply to: Christoph Hellwig: "CAN-2003-0018 vs 2.6?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Christoph Hellwig <hch@xxxxxx> wrote:
>
> CAN-2003-0018 (Linux O_DIRECT Direct Input/Output Information Leak
> Vulnerability) is still not fixed in mainline 2.6.
>
> Last time I pinged you you said you didn't like the fixes but we're
> getting to the point where 2.6 gets seriously used and we should start
> to care. In fact SuSE has been adding the patches to their tree now
> which means an direct I/O API change which is kinda messy to maintain
> for XFS (which isn't even affected by the vulnerability due to it's own
> locking) that's supposed to supply vendors with uptodas.
>
> So any plans to gets this in?

The fixes for this have been ready to go for a week or so. It's 2.6.6-pre
material.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Marc Giger: "Re: status of Linux on Alpha?"
Previous message: Dipankar Sarma: "route cache DoS testing and softirqs"
In reply to: Christoph Hellwig: "CAN-2003-0018 vs 2.6?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]