Re: CAN-2003-0018 vs 2.6?

From: Andrew Morton
Date: Mon Mar 29 2004 - 13:53:17 EST

Christoph Hellwig <hch@xxxxxx> wrote:
> CAN-2003-0018 (Linux O_DIRECT Direct Input/Output Information Leak
> Vulnerability) is still not fixed in mainline 2.6.
> Last time I pinged you you said you didn't like the fixes but we're
> getting to the point where 2.6 gets seriously used and we should start
> to care. In fact SuSE has been adding the patches to their tree now
> which means an direct I/O API change which is kinda messy to maintain
> for XFS (which isn't even affected by the vulnerability due to it's own
> locking) that's supposed to supply vendors with uptodas.
> So any plans to gets this in?

The fixes for this have been ready to go for a week or so. It's 2.6.6-pre

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at