oss-sec mailing list archives
Re: CVE-2022-1729: race condition in Linux perf subsystem leads to local privilege escalation
From: Solar Designer <solar () openwall com>
Date: Sat, 28 May 2022 22:04:26 +0200
On Fri, May 27, 2022 at 07:26:50AM -0400, Mike O'Connor wrote:
> :I think it's important to remember that closed mailing lists filled
> :with private/embargoed exploits become valuable targets. They have
> :been compromised ever since Zardoz in the 1980s, vendor-sec was
> :discontinued for the same reason. By keeping zerodays in linux-distros
> :you paint a target on every recipient of the list. You should assume
>
> Every recipient

Right.

> and their upstream providers.

Luckily, this is mostly not the case with (linux-)distros since all messages relayed by the list are encrypted to their recipients' keys. I say "mostly" because of possible two-stage attacks - where someone got only temporary access to a subscriber's computer to compromise the private key, but then targets their provider(s) for continued access to encrypted messages.

> :that any working exploit code you share to a mailing list will
> :eventually fall into the hands of bad actors. Therefore, I don't think
> :selective full-disclosure works.
>
> Long ago, I suggested that such mailing lists should PLAN to be public eventually, and disclose the info themselves before someone beats them to it. For example, when June comes up, April linux-distros archives are made public, and that's advertised and known. Given its two week max embargo period, this shouldn't pose an issue for anyone. There is value in (eventually) seeing the sausage being made. I know Solar has made old linux-distros mailing list metadata public, has advised folks that "any/all list postings may be made public once the corresponding security issue is publicly disclosed". I suggest "may" become "will eventually".

Yes, I recall you had suggested that, and it's within consideration.

Alexander