All of lore.kernel.org
 help / color / mirror / Atom feed
From: Greg KH <gregkh@linuxfoundation.org>
To: Josh Boyer <jwboyer@fedoraproject.org>
Cc: Andy Lutomirski <luto@amacapital.net>,
	Eric Paris <eparis@redhat.com>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	linux-audit@redhat.com,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>
Subject: Re: [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking
Date: Mon, 9 Jun 2014 17:31:42 -0700	[thread overview]
Message-ID: <20140610003142.GA20728@kroah.com> (raw)
In-Reply-To: <CA+5PVA6dHu-0qi1fx5Vq4QynJDJ=dG0feJjwoCHA3GaUSHp-FQ@mail.gmail.com>

On Mon, Jun 09, 2014 at 07:35:57PM -0400, Josh Boyer wrote:
> On Mon, Jun 9, 2014 at 6:46 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> > On Mon, Jun 09, 2014 at 03:35:02PM -0700, Andy Lutomirski wrote:
> >> On Mon, Jun 9, 2014 at 3:30 PM, Greg KH <gregkh@linuxfoundation.org> wrote:
> >> > On Wed, May 28, 2014 at 11:09:58PM -0400, Eric Paris wrote:
> >> >> From: Andy Lutomirski <luto@amacapital.net>
> >> >>
> >> >> Fixes an easy DoS and possible information disclosure.
> >> >>
> >> >> This does nothing about the broken state of x32 auditing.
> >> >>
> >> >> eparis: If the admin has enabled auditd and has specifically loaded audit
> >> >> rules.  This bug has been around since before git.  Wow...
> >> >>
> >> >> Cc: stable@vger.kernel.org
> >> >> Signed-off-by: Andy Lutomirski <luto@amacapital.net>
> >> >> Signed-off-by: Eric Paris <eparis@redhat.com>
> >> >> ---
> >> >>  kernel/auditsc.c | 27 ++++++++++++++++++---------
> >> >>  1 file changed, 18 insertions(+), 9 deletions(-)
> >> >
> >> > Did this patch get dropped somewhere?  Isn't it a valid bugfix, or did I
> >> > miss a later conversation about this?
> >>
> >> Hmm.  It seems that it didn't make it into Linus' tree.  Crap.
> >>
> >> IMO we need some kind of real tracking system for issues reported to
> >> security@.
> >
> > That seems to be my mbox at times :)
> >
> > But yes, having something "real" might be good if the load gets higher,
> > right now it's so low that my "sweep pending security patches" task
> > usually catches anything pending, which is rare.
> 
> How does one get added to the security@ alias?  We've been carrying
> this patch in Fedora for a bit now.  I'd be happy to help track things
> given we get distro security bug reports and such.

Just ask on the security@ alias to be added and we can take it from
there.

thanks,

greg k-h

  reply	other threads:[~2014-06-10  0:27 UTC|newest]

Thread overview: 23+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-05-29  3:09 [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking Eric Paris
2014-05-29  3:09 ` [PATCH 2/2] audit: do not select HAVE_ARCH_AUDITSYSCALL on x32 Eric Paris
2014-06-09 22:30 ` [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking Greg KH
2014-06-09 22:35   ` Andy Lutomirski
2014-06-09 22:46     ` Greg KH
2014-06-09 22:55       ` Andy Lutomirski
2014-06-10  0:32         ` Greg KH
2014-06-10  0:30           ` Andy Lutomirski
2014-06-10  0:37             ` Greg KH
2014-06-09 23:35       ` Josh Boyer
2014-06-10  0:31         ` Greg KH [this message]
2014-06-10  0:51           ` Andy Lutomirski
2014-06-10  2:57             ` Greg KH
2014-06-10  4:04               ` Andy Lutomirski
2014-06-10  4:14                 ` Greg KH
2014-06-09 22:53     ` Linus Torvalds
2014-06-09 22:56       ` Andy Lutomirski
2014-06-09 23:36         ` Linus Torvalds
2014-06-10 12:50           ` Eric Paris
2014-06-10 12:50             ` Eric Paris
2014-06-10 15:42             ` Linus Torvalds
2014-06-10 15:48               ` Linus Torvalds
  -- strict thread matches above, loose matches on Subject: below --
2014-05-28 22:21 [PATCH 0/2] Fix auditsc DoS and move it to staging Andy Lutomirski
2014-05-28 22:21 ` [PATCH 1/2] auditsc: audit_krule mask accesses need bounds checking Andy Lutomirski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140610003142.GA20728@kroah.com \
    --to=gregkh@linuxfoundation.org \
    --cc=eparis@redhat.com \
    --cc=jwboyer@fedoraproject.org \
    --cc=linux-audit@redhat.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=stable@vger.kernel.org \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.