oss-sec mailing list archives
Re: Linux kernel: stack buffer overflow with controlled payload in get_options() function
From: Florian Weimer <fweimer () redhat com>
Date: Sat, 3 Jun 2017 12:06:23 +0200
On 05/30/2017 06:50 PM, Solar Designer wrote:

> I guess Daniel might be associating the other side's arguments with Red Hat's because Florian was posting from a redhat.com address. I have no idea whether Florian actually spoke on behalf of Red Hat or not, but

I'm not a Red Hat spokesperson, and I did not speak for Red Hat. I hope I don't have to include a silly disclaimer in every message to counter such assumptions.

> either way I think the focus on Red Hat is excessive - e.g., in the distros list thread on the previous issue, another distro vendor inquired about the proposed public disclosure date, implying they also might care. A better summary would be: understanding & opinions vary.

Right, I think those distributions that strive to boot under the Microsoft trust root for UEFI Secure Boot may also have concerns about this issue.

Part of the problem with UEFI Secure Boot is that no one has documented clear security objectives for UEFI Secure Boot. Fedora sort of evolved into “no unsigned code running in ring 0 without virtualization”. From what I can tell, Microsoft picked that up and urged other distributions under their trust root to implement that as well.

If restricted access to ring 0 is the goal (and I think it currently is), then Linux kernel command line parsing bugs exploitable for code execution can be used to bypass an intended security policy, and qualify as a security vulnerability.

Thanks,
Florian