[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] Re: [PATCH] fs: pipe.c null pointer dereference - CVE-2009-3547



On 11/22/2010 11:24 AM, Keir Fraser wrote:
On 22/11/2010 16:27, "Shaun Reitan"<mailinglists@xxxxxxxxxxxxxxxx>  wrote:

We've been applying this patch since the fix was discovered but i just
realized yesterday when building a new kernel that the Xen kernel does
not have this fix applied yet.

I also have verified that this exploit works to gain root access on the
current http://xenbits.xensource.com/linux-2.6.18-xen.hg branch

It has to be said, very clearly, that our 2.6.18 tree is only really of use
now as a repository of Xen patches for vendors to pull into their own,
*properly maintained and secured* kernels. We are very interested in fixing
Xen-related security issues in our 2.6.18 tree (precisely because others use
it as a repository of good Xen patches). We are less interested in general
kernel fixes, although of course as a matter of good form we will consider a
security fix such as you propose. However, the patch you supplied does not
apply to the 2.6.18 tree.

  Thanks,
  Keir

I see, good to know, thanks!

--
Shaun Retian
Chief Technical Officer
Network Data Center Host, Inc.
http://www.ndchost.com


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.