From: Marc-Christian Petersen <m.c.p@kernel.linux-systeme.com>
To: lkml <linux-kernel@vger.kernel.org>
Cc: Linus Torvalds <torvalds@osdl.org>, Andrew Morton <akpm@osdl.org>,
Stephen Tweedie <sct@redhat.com>
Subject: [SECURITY] CAN-2004-0177 (was: Re: [SECURITY] CAN-2004-0075)
Date: Thu, 15 Apr 2004 01:35:03 +0200 [thread overview]
Message-ID: <200404150135.03714@WOLK> (raw)
In-Reply-To: <200404142230.33553@WOLK>
[-- Attachment #1: Type: text/plain, Size: 761 bytes --]
On Wednesday 14 April 2004 22:30, you wrote:
Hi again,
> Okay, now while we are at fixing security holes, is there any chance we
> can get the attached patch in?
Okay, we are at it, so what's about the attached one too? ;)
In WOLK for some time too. I am not 100% sure if this is correct, but I think
it is. Andrew? Stephen?
----------------------------------------------------------------------
CAN-2004-0177
Solar Designer discovered an information leak in the ext3 code of
Linux. In a worst case an attacker could read sensitive data such
as cryptographic keys which would otherwise never hit disk media.
Theodore Ts'o developed a correction for this.
----------------------------------------------------------------------
ciao, Marc
[-- Attachment #2: 8009_CAN-2004-0177-ext3.patch --]
[-- Type: text/x-diff, Size: 360 bytes --]
--- a/fs/jbd/journal.c Mon Nov 10 00:12:14 2003
+++ b/fs/jbd/journal.c Fri Feb 27 20:36:04 2004
@@ -599,6 +599,7 @@
return NULL;
bh = __getblk(journal->j_dev, blocknr, journal->j_blocksize);
+ memset(bh->b_data, 0, journal->j_blocksize);
bh->b_state |= (1 << BH_Dirty);
BUFFER_TRACE(bh, "return this buffer");
return journal_add_journal_head(bh);
next prev parent reply other threads:[~2004-04-14 23:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-04-14 17:11 [SECURITY] CAN-2004-0109 isofs fix Dave Jones
2004-04-14 20:30 ` [SECURITY] CAN-2004-0075 (was: Re: [SECURITY] CAN-2004-0109 isofs fix.) Marc-Christian Petersen
2004-04-14 20:47 ` Dave Jones
2004-04-14 21:34 ` Marc-Christian Petersen
2004-04-14 21:27 ` Greg KH
2004-04-14 21:34 ` Marc-Christian Petersen
2004-04-15 10:04 ` [SECURITY] CAN-2004-0075 Michal Schmidt
2004-04-14 23:35 ` Marc-Christian Petersen [this message]
2004-04-15 10:21 ` [SECURITY] CAN-2004-0177 (was: Re: [SECURITY] CAN-2004-0075) Stephen C. Tweedie
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200404150135.03714@WOLK \
--to=m.c.p@kernel.linux-systeme.com \
--cc=akpm@osdl.org \
--cc=linux-kernel@vger.kernel.org \
--cc=sct@redhat.com \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox