WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
xen-devel

[Xen-devel] Re: [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3

To: xen-devel@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-devel] Re: [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3547
From: Shaun Reitan <mailinglists@xxxxxxxxxxxxxxxx>
Date: Mon, 22 Nov 2010 12:30:57 -0800
Cc: xen-devel@xxxxxxxxxxxxxxxxxxx
Organization: Network Data Center Host, Inc.

On 11/22/2010 11:24 AM, Keir Fraser wrote:
> On 22/11/2010 16:27, "Shaun Reitan" <mailinglists@xxxxxxxxxxxxxxxx> wrote:
>
>> We've been applying this patch since the fix was discovered but I just
>> realized yesterday when building a new kernel that the Xen kernel does
>> not have this fix applied yet.
>>
>> I also have verified that this exploit works to gain root access on the
>> current http://xenbits.xensource.com/linux-2.6.18-xen.hg branch
>
> It has to be said, very clearly, that our 2.6.18 tree is only really of use
> now as a repository of Xen patches for vendors to pull into their own,
> *properly maintained and secured* kernels. We are very interested in fixing
> Xen-related security issues in our 2.6.18 tree (precisely because others use
> it as a repository of good Xen patches). We are less interested in general
> kernel fixes, although of course as a matter of good form we will consider a
> security fix such as you propose. However, the patch you supplied does not
> apply to the 2.6.18 tree.
>
>   Thanks,
>   Keir

I see, good to know, thanks!

--
Shaun Reitan
Chief Technical Officer
Network Data Center Host, Inc.
http://www.ndchost.com


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel