Re: Please REJECT CVE-2011-4112

[Tavis Ormandy <taviso () cmpxchg8b com>]

Petr Matousek <pmatouse () redhat com> wrote:

> Hi,
>
> could you please reject CVE-2011-4112 as it is not a security bug.
>
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=751006#c5
>
> Thank you,

Unrelated, but if it did not require CAP_NET_ADMIN, would you have
considered it a security bug?

I was under the impression that there was general agreement that NULL derefs
that are handled gracefully are not security bugs any more.

Is this because you're setting panic_on_oops?

I wonder if we should create a separate panic_on_null, as I agree
panic_on_oops is probably the correct default so as to avoid transitioning
into a potentially exploitable state. I think I'm reasonably confident in
the handling of NULL derefs (or am I deluded? I havn't thought about it a
great deal).

Tavis.

-- 
-------------------------------------
taviso () cmpxchg8b com | pgp encrypted mail preferred
-------------------------------------------------------