From: Shaun Reitan
Subject: Re: [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3547
Date: Mon, 22 Nov 2010 12:30:57 -0800
Message-ID: <4CEAD301.5010203@unix-scripts.com>
Cc: xen-devel@lists.xensource.com
List-Id: xen-devel@lists.xenproject.org

On 11/22/2010 11:24 AM, Keir Fraser wrote:
> On 22/11/2010 16:27, "Shaun Reitan" wrote:
>
>> We've been applying this patch since the fix was discovered but I just
>> realized yesterday when building a new kernel that the Xen kernel does
>> not have this fix applied yet.
>>
>> I also have verified that this exploit works to gain root access on the
>> current http://xenbits.xensource.com/linux-2.6.18-xen.hg branch
>
> It has to be said, very clearly, that our 2.6.18 tree is only really of use
> now as a repository of Xen patches for vendors to pull into their own,
> *properly maintained and secured* kernels. We are very interested in fixing
> Xen-related security issues in our 2.6.18 tree (precisely because others use
> it as a repository of good Xen patches). We are less interested in general
> kernel fixes, although of course as a matter of good form we will consider a
> security fix such as you propose. However, the patch you supplied does not
> apply to the 2.6.18 tree.
>
> Thanks,
> Keir

I see, good to know, thanks!

--
Shaun Retian
Chief Technical Officer
Network Data Center Host, Inc.
http://www.ndchost.com