oss-sec mailing list archives

Re: CVE request - Linux kernel: VFAT slab-based buffer overflow

From: Greg KH <greg () kroah com>
Date: Wed, 27 Feb 2013 15:07:32 -0800

On Thu, Feb 28, 2013 at 12:00:27AM +0100, Jason A. Donenfeld wrote:

On Wed, Feb 27, 2013 at 10:44 PM, Greg KH <greg () kroah com> wrote:

That's the whole problem here, who is going to do such a classification,
and after that, the notification?  The first part is the toughest to do,
as discussed elsewhere in this thread.


May I just bluntly call out shenanigans here? Yes, some bugs are
esoteric and it's not immediately obvious that they are security
related. But there are so many bugs that are _clearly_
security-related.


Really?  Ok then, please go ahead and try doing this yourself if you
feel it is so "obvious" to do.

Kernel developers are super smart -- some of the brightest guys out
there.


Nope, we are dumb, we do uninteresting, boring work, dealing with broken
hardware and demanding users every day.  If we were smarter, we wouldn't
be doing this type of thing.

sorry,

greg k-h

Current thread:

Re: handling of Linux kernel vulnerabilities, (continued)
- - - Re: handling of Linux kernel vulnerabilities Kurt Seifried (Mar 04)
    - Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 04)
    - Re: handling of Linux kernel vulnerabilities Noel Butler (Mar 05)
    - Re: handling of Linux kernel vulnerabilities Solar Designer (Mar 05)
    - Re: handling of Linux kernel vulnerabilities Alton Moore (Mar 05)
    - Re: handling of Linux kernel vulnerabilities (was: CVE request - Linux kernel: VFAT slab-based buffer overflow) Eric Lacombe (Mar 05)
    - Re: handling of Linux kernel vulnerabilities Andreas Ericsson (Mar 04)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Kurt Seifried (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jiri Kosina (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Daniel Kahn Gillmor (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Yves-Alexis Perez (Mar 01)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Jason A. Donenfeld (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Tim (Feb 27)
    - Re: CVE request - Linux kernel: VFAT slab-based buffer overflow Greg KH (Feb 27)

(Thread continues...)