oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How GNU/Linux distros deal with offset2lib attack?

From: Loganaden Velvindron <loganaden () gmail com>
Date: Sat, 6 Dec 2014 20:48:04 +0400
On Sat, Dec 6, 2014 at 7:35 PM, Greg KH <greg () kroah com> wrote:

On Sat, Dec 06, 2014 at 03:22:58PM +0800, Shawn wrote:


2, ASLRv3? Hector Marco( the dude who disclosured offset2lib attack)
sent a patch to the upstream:
https://lkml.org/lkml/2014/12/4/839

Even the upstream don't accept the patch, is this possible to backport
it & maintain it for distro community?


Upstream asked for some basic fixes to the patch (i.e. it wasn't
submitted in the needed format) before it could accept it, so I doubt
it's rejected yet.

And of course a distro could backport and maintain it, it's a very tiny
patch, much smaller than what they normall backport.  Take it up with
the distros if you want this.



Going through the LKML mailing discussion, it seems that there's
interest in improving the diff according to the comment by Andy.

There also seems to be concern with 32-bit architectures.





thanks,

greg k-h




-- 
This message is strictly personal and the opinions expressed do not
represent those of my employers, either past or present.
Previous By Date Next
Previous By Thread Next

Current thread: