Re: CAN-2003-0018 vs 2.6?
From: Andrew Morton
Date: Mon Mar 29 2004 - 13:53:17 EST
Christoph Hellwig <hch@xxxxxx> wrote:
> CAN-2003-0018 (Linux O_DIRECT Direct Input/Output Information Leak
> Vulnerability) is still not fixed in mainline 2.6.
> Last time I pinged you you said you didn't like the fixes but we're
> getting to the point where 2.6 gets seriously used and we should start
> to care. In fact SuSE has been adding the patches to their tree now
> which means an direct I/O API change which is kinda messy to maintain
> for XFS (which isn't even affected by the vulnerability due to it's own
> locking) that's supposed to supply vendors with uptodas.
> So any plans to gets this in?
The fixes for this have been ready to go for a week or so. It's 2.6.6-pre
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/