oss-sec mailing list archives

Re: CVE request - kernel: jfs: don't allow os2 xattr namespace overlap with others


From: Josh Bressers <bressers () redhat com>
Date: Fri, 20 Aug 2010 13:32:22 -0400 (EDT)

Please use CVE-2010-2946

Thanks.

-- 
    JB


----- "Eugene Teo" <eugeneteo () kernel sg> wrote:

Upstream commit: aca0fa34bdaba39bfddddba8ca70dba4782e8fe6

Description from the commit: It's currently possible to bypass xattr
namespace access rules by prefixing valid xattr names with "os2.",
since the os2 namespace stores extended attributes in a legacy format
with no prefix.

This patch adds checking to deny access to any valid namespace prefix
following "os2.".

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i);
}
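
The check described in the quoted commit text, modelled in user space as an added example; it is not part of the original message and is not the kernel's own code. The function names, the list of namespace prefixes, the -EOPNOTSUPP return value and the sample attribute names are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define OS2_PREFIX     "os2."
#define OS2_PREFIX_LEN (sizeof(OS2_PREFIX) - 1)

/* Namespaces that carry their own access rules (assumed list). */
static const char *const known_ns[] = { "system.", "user.", "security.", "trusted." };

static int has_prefix(const char *s, const char *p)
{
    return strncmp(s, p, strlen(p)) == 0;
}

/* Returns 1 if name begins with a namespace prefix that has its own rules. */
int is_known_namespace(const char *name)
{
    for (size_t i = 0; i < sizeof(known_ns) / sizeof(known_ns[0]); i++)
        if (has_prefix(name, known_ns[i]))
            return 1;
    return 0;
}

/* Legacy os2 format: the attribute is stored without the "os2." prefix,
 * so "os2.trusted.foo" would land on disk as "trusted.foo". */
const char *stored_name(const char *name)
{
    return has_prefix(name, OS2_PREFIX) ? name + OS2_PREFIX_LEN : name;
}

/* Deny "os2.<known namespace>..." so a stored os2 name can never alias
 * an attribute that belongs to another namespace. */
int check_os2_name(const char *name)
{
    if (!has_prefix(name, OS2_PREFIX))
        return 0;                   /* not an os2 name; other rules apply */
    return is_known_namespace(name + OS2_PREFIX_LEN) ? -EOPNOTSUPP : 0;
}

int main(void)
{
    /* Constructed sample names. */
    const char *s[] = { "os2.comment", "os2.trusted.foo", "os2.usercomment", "user.note" };
    for (size_t i = 0; i < sizeof(s) / sizeof(s[0]); i++)
        printf("%-18s stored as %-14s -> %d\n", s[i], stored_name(s[i]), check_os2_name(s[i]));
    return 0;
}
```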

