From: Ben Hutchings <ben.hutchings@codethink.co.uk>
To: Sasha Levin <sashal@kernel.org>, Ilya Dryomov <idryomov@gmail.com>
Cc: stable-commits@vger.kernel.org, stable@vger.kernel.org
Subject: Re: Patch "libceph: implement CEPHX_V2 calculation mode" has been added to the 4.14-stable tree
Date: Wed, 05 Dec 2018 22:25:17 +0000
Message-ID: <1544048717.2867.17.camel@codethink.co.uk>
In-Reply-To: <20181203161632.GK235790@sasha-vm>

On Mon, 2018-12-03 at 11:16 -0500, Sasha Levin wrote:
> On Mon, Dec 03, 2018 at 04:32:18PM +0100, Ilya Dryomov wrote:
> > On Mon, Dec 3, 2018 at 4:26 PM Sasha Levin <sashal@kernel.org> wrote:
> > > 
> > > + Ben
> > > 
> > > On Mon, Dec 03, 2018 at 12:09:25PM +0100, Ilya Dryomov wrote:
[...]
> > > > The CVEs mentioned in this series are server side and CEPHX_V2 is
> > > > probably more of a new feature than a security fix.  That said, I don't
> > > > object to including it in 4.14.z.  If you do, please pick up the
> > > > remaining two patches for interoperability:
> > > > 
> > > > f1d10e046379 libceph: weaken sizeof check in ceph_x_verify_authorizer_reply()
> > > > 130f52f2b203 libceph: check authorizer reply/challenge length before reading
> > > 
> > > Would I be pulling this patch if it didn't have the string
> > > "CVE-2018-1129" in the commit message?
> > 
> > Well, I didn't mark this series for stable, so probably not.
> 
> Alrighty, thanks.
> 
> Ben, any objections to dropping this patch?

My understanding is that while the security impact is on the server
side, an unpatched client won't be able to authenticate to a patched
server.  Assuming that is correct, this change seems to fit the stable
rules.

Ben.

-- 
Ben Hutchings, Software Developer                         Codethink Ltd
https://www.codethink.co.uk/                 Dale House, 35 Dale Street
                                     Manchester, M1 2HF, United Kingdom
