On Wed, 24 Oct 2012 14:53:33 -0700 Kees Cook <keesc...@chromium.org> wrote:
> > Well, I do think that a description of the user impact of the bug > > should be included in the changelog so that poor old Greg can work out > > why we sent it at him. > > > > If you can suggest some suitable text I can copy-n-slurp that into the > > changelog. > > How about replacing the first paragraph with: > > Fix possible overflow of the buffer used for expanding environment > variables when building file list. In the extremely unlikely case of > an attacker having control over the environment variables visible to > gen_init_cpio, control over the contents of the file gen_init_cpio > parses, and gen_init_cpio was built without compiler hardening, the > attacker can gain arbitrary execution control via a stack buffer > overflow. ooh, spiffy - even I understood that! -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/