From: David Miller <davem@davemloft.net>
To: nikolay@redhat.com
Cc: vfalico@redhat.com, netdev@vger.kernel.org, fubar@us.ibm.com,
andy@greyhouse.net, ebiederm@xmission.com, joe@perches.com
Subject: Re: [PATCH net-next 0/2] fix bonding neighbour setup handling
Date: Mon, 05 Aug 2013 15:25:03 -0700 (PDT) [thread overview]
Message-ID: <20130805.152503.1956742286847859646.davem@davemloft.net> (raw)
In-Reply-To: <51FFAD54.7090501@redhat.com>
From: Nikolay Aleksandrov <nikolay@redhat.com>
Date: Mon, 05 Aug 2013 15:49:08 +0200
> Since the cat is out of the bag about this bug, as Vaeceslav discovered it
> independently and wasn't aware that there's a CVE number pending because it
> poses a security threat since the dereferenced first_slave pointer is
> taken from the struct vlan_dev_priv's ingress_priority map array which is
> user-controllable and any memory address can be dereferenced in that way,
> and taking after that first_slave->dev->netdev_ops and calling a function
> from the ops is making it even easier. Of course for that to happen the
> user must have CAP_NET_ADMIN.
> I've tested these patches and they apply cleanly on -net as well, so please
> queue them for -net and stable.
This is why I absolutely detest closed work on bugs, and prefer
everything be discussed and implemented openly here on this list,
without exceptions, and regardless of perceived "severity" of the bug.
Applied to net and queued up for -stable, thanks.
prev parent reply other threads:[~2013-08-05 22:25 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-08-02 17:07 [PATCH net-next 0/2] fix bonding neighbour setup handling Veaceslav Falico
2013-08-02 17:07 ` [PATCH net-next 1/2] neighbour: populate neigh_parms on alloc before calling ndo_neigh_setup Veaceslav Falico
2013-08-02 17:07 ` [PATCH net-next 2/2] bonding: modify only neigh_parms owned by us Veaceslav Falico
2013-08-02 22:45 ` [PATCH net-next 0/2] fix bonding neighbour setup handling David Miller
2013-08-05 13:49 ` Nikolay Aleksandrov
2013-08-05 22:25 ` David Miller [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130805.152503.1956742286847859646.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=andy@greyhouse.net \
--cc=ebiederm@xmission.com \
--cc=fubar@us.ibm.com \
--cc=joe@perches.com \
--cc=netdev@vger.kernel.org \
--cc=nikolay@redhat.com \
--cc=vfalico@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).