From: Nikolay Aleksandrov <nikolay@redhat.com>
To: David Miller <davem@davemloft.net>
Cc: vfalico@redhat.com, netdev@vger.kernel.org, fubar@us.ibm.com,
andy@greyhouse.net, ebiederm@xmission.com, joe@perches.com
Subject: Re: [PATCH net-next 0/2] fix bonding neighbour setup handling
Date: Mon, 05 Aug 2013 15:49:08 +0200 [thread overview]
Message-ID: <51FFAD54.7090501@redhat.com> (raw)
In-Reply-To: <20130802.154539.237539535236462726.davem@davemloft.net>
On 08/03/2013 12:45 AM, David Miller wrote:
>
> Thanks for the detailed explanation of the situation, it made your patches
> trivial to review.
>
> Applied, thanks.
Hi all,
Vaeceslav thanks for fixing this.
Since the cat is out of the bag about this bug, as Vaeceslav discovered it
independently and wasn't aware that there's a CVE number pending because it
poses a security threat since the dereferenced first_slave pointer is
taken from the struct vlan_dev_priv's ingress_priority map array which is
user-controllable and any memory address can be dereferenced in that way,
and taking after that first_slave->dev->netdev_ops and calling a function
from the ops is making it even easier. Of course for that to happen the
user must have CAP_NET_ADMIN.
I've tested these patches and they apply cleanly on -net as well, so please
queue them for -net and stable.
Also apologies for the late reply but it wasn't up to me when to reveal this.
Thank you,
Nik
next prev parent reply other threads:[~2013-08-05 13:52 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-02 17:07 [PATCH net-next 0/2] fix bonding neighbour setup handling Veaceslav Falico
2013-08-02 17:07 ` [PATCH net-next 1/2] neighbour: populate neigh_parms on alloc before calling ndo_neigh_setup Veaceslav Falico
2013-08-02 17:07 ` [PATCH net-next 2/2] bonding: modify only neigh_parms owned by us Veaceslav Falico
2013-08-02 22:45 ` [PATCH net-next 0/2] fix bonding neighbour setup handling David Miller
2013-08-05 13:49 ` Nikolay Aleksandrov [this message]
2013-08-05 22:25 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51FFAD54.7090501@redhat.com \
--to=nikolay@redhat.com \
--cc=andy@greyhouse.net \
--cc=davem@davemloft.net \
--cc=ebiederm@xmission.com \
--cc=fubar@us.ibm.com \
--cc=joe@perches.com \
--cc=netdev@vger.kernel.org \
--cc=vfalico@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.