From: Greg KH <greg@kroah.com>
To: Philipp Reisner <philipp.reisner@linbit.com>
Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>,
"David S. Miller" <davem@davemloft.net>,
dm-devel@redhat.com, Evgeniy Polyakov <zbr@ioremap.net>,
linux-fbdev-devel@lists.sourceforge.net
Subject: Re: [PATCH 0/8] SECURITY ISSUE with connector
Date: Fri, 9 Oct 2009 15:25:05 -0700 [thread overview]
Message-ID: <20091009222505.GA28979@kroah.com> (raw)
In-Reply-To: <1254487211-11810-1-git-send-email-philipp.reisner@linbit.com>
On Fri, Oct 02, 2009 at 02:40:03PM +0200, Philipp Reisner wrote:
> Affected: All code that uses connector, in kernel and out of mainline
>
> The connector, as it is today, does not allow the in kernel receiving
> parts to do any checks on privileges of a message's sender.
>
> I know, there are not many out there that like connector, but as
> long as it is in the kernel, we have to fix the security issues it has!
>
> Please either drop connector, or someone who feels a bit responsible
> and has our beloved dictator's blessing, PLEASE PLEASE PLEASE take
> this into your tree, and send the pull request to Linus.
>
> Patches 1 to 4 are already Acked-by Evgeny, the connector's maintainer.
> Patches 5 to 7 are the obvious fixes to the connector user's code.
These don't apply to the 2.6.31-stable tree at all.
Could you provide them backported to that tree if you want to see them
go into a .31-stable release?
thanks,
greg k-h
WARNING: multiple messages have this Message-ID (diff)
From: Greg KH <greg@kroah.com>
To: Philipp Reisner <philipp.reisner@linbit.com>
Cc: linux-fbdev-devel@lists.sourceforge.net, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org, dm-devel@redhat.com,
Evgeniy Polyakov <zbr@ioremap.net>,
Andrew Morton <akpm@linux-foundation.org>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [PATCH 0/8] SECURITY ISSUE with connector
Date: Fri, 9 Oct 2009 15:25:05 -0700 [thread overview]
Message-ID: <20091009222505.GA28979@kroah.com> (raw)
In-Reply-To: <1254487211-11810-1-git-send-email-philipp.reisner@linbit.com>
On Fri, Oct 02, 2009 at 02:40:03PM +0200, Philipp Reisner wrote:
> Affected: All code that uses connector, in kernel and out of mainline
>
> The connector, as it is today, does not allow the in kernel receiving
> parts to do any checks on privileges of a message's sender.
>
> I know, there are not many out there that like connector, but as
> long as it is in the kernel, we have to fix the security issues it has!
>
> Please either drop connector, or someone who feels a bit responsible
> and has our beloved dictator's blessing, PLEASE PLEASE PLEASE take
> this into your tree, and send the pull request to Linus.
>
> Patches 1 to 4 are already Acked-by Evgeny, the connector's maintainer.
> Patches 5 to 7 are the obvious fixes to the connector user's code.
These don't apply to the 2.6.31-stable tree at all.
Could you provide them backported to that tree if you want to see them
go into a .31-stable release?
thanks,
greg k-h
next prev parent reply other threads:[~2009-10-09 22:38 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-10-02 12:40 [PATCH 0/8] SECURITY ISSUE with connector Philipp Reisner
2009-10-02 12:40 ` [PATCH 1/8] connector: Keep the skb in cn_callback_data Philipp Reisner
2009-10-02 12:40 ` [PATCH 2/8] connector: Provide the sender's credentials to the callback Philipp Reisner
2009-10-02 12:40 ` [PATCH 3/8] connector/dm: Fixed a compilation warning Philipp Reisner
2009-10-02 12:40 ` [PATCH 4/8] connector: Removed the destruct_data callback since it is always kfree_skb() Philipp Reisner
2009-10-02 12:40 ` [PATCH 5/8] dm/connector: Only process connector packages from privileged processes Philipp Reisner
2009-10-02 12:40 ` [PATCH 6/8] dst/connector: Disallow unpliviged users to configure dst Philipp Reisner
2009-10-02 12:40 ` [PATCH 7/8] pohmelfs/connector: Disallow unpliviged users to configure pohmelfs Philipp Reisner
2009-10-02 12:40 ` [PATCH 8/8] uvesafb/connector: Disallow unpliviged users to send netlink packets Philipp Reisner
2009-10-02 16:40 ` [PATCH 5/8] dm/connector: Only process connector packages from privileged processes Jonathan Brassow
2009-10-02 13:58 ` [PATCH 0/8] SECURITY ISSUE with connector Greg KH
2009-10-02 15:54 ` Philipp Reisner
2009-10-02 15:54 ` Philipp Reisner
2009-10-02 16:10 ` Greg KH
2009-10-02 16:10 ` Greg KH
2009-10-02 16:57 ` David Miller
2009-10-02 16:57 ` David Miller
2009-10-02 16:21 ` Lars Ellenberg
2009-10-02 16:21 ` Lars Ellenberg
2009-10-02 17:56 ` David Miller
2009-10-02 18:00 ` Greg KH
2009-10-02 18:05 ` David Miller
2009-10-02 18:05 ` David Miller
2009-10-02 18:15 ` Greg KH
2009-10-04 10:24 ` Evgeniy Polyakov
2009-10-04 10:24 ` Evgeniy Polyakov
2009-10-09 22:25 ` Greg KH [this message]
2009-10-09 22:25 ` Greg KH
2009-10-13 9:28 ` [PATCH 0/7] SECURITY ISSUE with connector for 2.6.31.y Philipp Reisner
2009-10-13 9:28 ` [PATCH 1/7] connector: Keep the skb in cn_callback_data Philipp Reisner
2009-10-13 9:28 ` [PATCH 2/7] connector: Provide the sender's credentials to the callback Philipp Reisner
2009-10-13 9:28 ` [PATCH 3/7] connector: Removed the destruct_data callback since it is always kfree_skb() Philipp Reisner
2009-10-13 9:28 ` [PATCH 4/7] dm/connector: Only process connector packages from privileged processes Philipp Reisner
2009-10-13 9:28 ` [PATCH 5/7] dst/connector: Disallow unpliviged users to configure dst Philipp Reisner
2009-10-13 9:28 ` [PATCH 6/7] pohmelfs/connector: Disallow unpliviged users to configure pohmelfs Philipp Reisner
2009-10-13 9:28 ` [PATCH 7/7] uvesafb/connector: Disallow unpliviged users to send netlink packets Philipp Reisner
2009-10-13 16:25 ` [PATCH 0/7] SECURITY ISSUE with connector for 2.6.31.y Serge E. Hallyn
2009-10-15 18:29 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20091009222505.GA28979@kroah.com \
--to=greg@kroah.com \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=dm-devel@redhat.com \
--cc=linux-fbdev-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=philipp.reisner@linbit.com \
--cc=zbr@ioremap.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.