From: Marc-Christian Petersen <m.c.p@kernel.linux-systeme.com>
To: lkml <linux-kernel@vger.kernel.org>
Cc: Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
Stephen Tweedie <sct@redhat.com>
Subject: [SECURITY] CAN-2004-0177 (was: Re: [SECURITY] CAN-2004-0075)
Date: Thu, 15 Apr 2004 01:35:03 +0200 [thread overview]
Message-ID: <200404150135.03714@WOLK> (raw)
In-Reply-To: <200404142230.33553@WOLK>
[-- Attachment #1: Type: text/plain, Size: 761 bytes --]
On Wednesday 14 April 2004 22:30, you wrote:
Hi again,
> Okay, now while we are at fixing security holes, is there any chance we
> can get the attached patch in?
Okay, we are at it, so what's about the attached one too? ;)
In WOLK for some time too. I am not 100% sure if this is correct, but I think
it is. Andrew? Stephen?
----------------------------------------------------------------------
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code of
Linux. In a worst case an attacker could read sensitive data such
as cryptographic keys which would otherwise never hit disk media.
Theodore Ts'o developed a correction for this.
----------------------------------------------------------------------
ciao, Marc
[-- Attachment #2: 8009_CAN-2004-0177-ext3.patch --]
[-- Type: text/x-diff, Size: 360 bytes --]
--- a/fs/jbd/journal.c Mon Nov 10 00:12:14 2003
+++ b/fs/jbd/journal.c Fri Feb 27 20:36:04 2004
@@ -599,6 +599,7 @@
return NULL;
bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
+ memset(bh->b_data, 0, journal->j_blocksize);
bh->b_state |= (1 << BH_Dirty);
BUFFER_TRACE(bh, "return this buffer");
return journal_add_journal_head(bh);
next prev parent reply other threads:[~2004-04-14 23:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-14 17:11 [SECURITY] CAN-2004-0109 isofs fix Dave Jones
2004-04-14 20:30 ` [SECURITY] CAN-2004-0075 (was: Re: [SECURITY] CAN-2004-0109 isofs fix.) Marc-Christian Petersen
2004-04-14 20:47 ` Dave Jones
2004-04-14 21:34 ` Marc-Christian Petersen
2004-04-14 21:27 ` Greg KH
2004-04-14 21:34 ` Marc-Christian Petersen
2004-04-15 10:04 ` [SECURITY] CAN-2004-0075 Michal Schmidt
2004-04-14 23:35 ` Marc-Christian Petersen [this message]
2004-04-15 10:21 ` [SECURITY] CAN-2004-0177 (was: Re: [SECURITY] CAN-2004-0075) Stephen C. Tweedie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200404150135.03714@WOLK \
--to=m.c.p@kernel.linux-systeme.com \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sct@redhat.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.