Re: [PATCH 1/9] Known exploit detection

From: Ingo Molnar
Date: Fri Dec 13 2013 - 08:23:35 EST

Next message: Ingo Molnar: "Re: [PATCH 1/9] Known exploit detection"
Previous message: Bjorn Helgaas: "Re: [PATCH v2 2/4] pciehp: Use link change notifications for hot-plugand removal"
In reply to: Greg Kroah-Hartman: "Re: [PATCH 1/9] Known exploit detection"
Next in thread: Kees Cook: "Re: [PATCH 1/9] Known exploit detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Dan Carpenter <dan.carpenter@xxxxxxxxxx> wrote:

> On Fri, Dec 13, 2013 at 11:31:48AM +0100, Alexander Holler wrote:
> > I've never seen a comment inside the kernel sources which does point
> > to a CVE, so I assume there already does exists some agreement about
> > not doing so.
>
> We do occasionally put CVE numbers in the commit message, but
> normally the commit comes first before we ask for a CVE number.

The detection code will most likely come after the fix is applied.

In that case the 'ID' of the message could also be the commit ID of
the fix in question:

detect_exploit("[exploit for d8af4ce490e9: Fix syscall bug]")

or so - no CVE needed, it's a free form ID that can contain anything
descriptive about the bug the attacker attempted to exploit.

Thanks,

Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ingo Molnar: "Re: [PATCH 1/9] Known exploit detection"
Previous message: Bjorn Helgaas: "Re: [PATCH v2 2/4] pciehp: Use link change notifications for hot-plugand removal"
In reply to: Greg Kroah-Hartman: "Re: [PATCH 1/9] Known exploit detection"
Next in thread: Kees Cook: "Re: [PATCH 1/9] Known exploit detection"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]