Re: Information leak in llcp_sock_bind/llcp_raw_sock_bind

From: David Miller
Date: Tue Dec 15 2015 - 15:59:04 EST

Next message: Daniel Lezcano: "Re: [PATCH] clocksource/drivers/pistachio: Fix wrong calculated clocksource read value"
Previous message: Pavel Machek: "Re: 4.4-rc5: ugly warn on: 5 W+X pages found"
In reply to: Dmitry Vyukov: "Re: Information leak in llcp_sock_bind/llcp_raw_sock_bind"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Date: Tue, 15 Dec 2015 21:55:37 +0100

> I've seen a kernel address at least in pptp_bind,

We're not talking about pptp_bind.

We're talking about llcp_{,raw}_sock_bind().

If your hex dump doesn't show it, don't report anything unless you are
absolutely sure via code inspection that there could be a leak. And
in that case make it perfectly clear exactly how that can happen.

I am generally unimpressed with your reports half of the time,
and just a small amount of extra effort would extraordinarily
improve the quality of the things your post.

Thanks.

> So it is almost impossible to prove that a PC cannot be leaked.

You can't show that anything is actually being leaked in this specific
case, period.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Daniel Lezcano: "Re: [PATCH] clocksource/drivers/pistachio: Fix wrong calculated clocksource read value"
Previous message: Pavel Machek: "Re: 4.4-rc5: ugly warn on: 5 W+X pages found"
In reply to: Dmitry Vyukov: "Re: Information leak in llcp_sock_bind/llcp_raw_sock_bind"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]