Re: [stable] [PATCH] [26/98] af_unix: Only allow recv on connected seqpacket sockets.

From: Tim Gardner
Date: Mon Aug 01 2011 - 16:43:52 EST


On 08/01/2011 02:08 PM, Andi Kleen wrote:
> > For 2.6.38, and Andi's 2.6.35 which has the potential for an
> > unprivileged process to trigger an oops, it seems irresponsible to me to
> > not include this change. People who exploit kernel flaws seem good at
> > taking random Oops's and converting them into methods for privilege
> > escalation.
>
> I'll ship 2.6.25.14 without the patch, but can you guys please come to a
> conclusion whether the patch is useful or not. I'll reconsider it for .15.
>
> Thanks,
>
> -Andi


I'd go with Eric's assessment. He knows way more about this than I do. I am much less confident that the problem Ubuntu experienced with 2.6.35 was related; it only felt the same (similar network issues).

rtg
--
Tim Gardner tim.gardner@xxxxxxxxxxxxx