Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Pedro Giffuni
On 04/26/16 16:17, Conrad Meyer wrote: On Tue, Apr 26, 2016 at 2:13 PM, Adrian Chadd wrote: You mean "hotplug mount a malicious USB disk via some installed graphical environment?" NOone does that... :) Sure, but there the vulnerability is (IMO) that users are allowed to arbitrarily mount s

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Oliver Pinter
On 4/26/16, Kristof Provost wrote: > >> On 26 Apr 2016, at 23:37, Shawn Webb wrote: >> >> On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: >>> On 26 Apr 2016, at 23:01, Shawn Webb wrote: On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: > Au

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Kristof Provost
> On 26 Apr 2016, at 23:37, Shawn Webb wrote: > > On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: >> >>> On 26 Apr 2016, at 23:01, Shawn Webb wrote: >>> >>> On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: Author: kp Date: Tue Apr 26 20:36:32 2016 >>

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Shawn Webb
On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: > > > On 26 Apr 2016, at 23:01, Shawn Webb wrote: > > > > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: > >> Author: kp > >> Date: Tue Apr 26 20:36:32 2016 > >> New Revision: 298664 > >> URL: https://svnweb.freeb

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Ngie Cooper
On Tue, Apr 26, 2016 at 2:26 PM, Shawn Webb wrote: > On Tue, Apr 26, 2016 at 11:22:32PM +0200, Kristof Provost wrote: >> >> > On 26 Apr 2016, at 23:18, Shawn Webb wrote: >> > Was secteam@ even involved, then? Seems like a user-facing kernel buffer >> > overflow ought to have involved secteam@. >>

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Shawn Webb
On Tue, Apr 26, 2016 at 11:22:32PM +0200, Kristof Provost wrote: > > > On 26 Apr 2016, at 23:18, Shawn Webb wrote: > > Was secteam@ even involved, then? Seems like a user-facing kernel buffer > > overflow ought to have involved secteam@. > > > No, it wasn't. This bug had been open for quite a

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Kristof Provost
> On 26 Apr 2016, at 23:18, Shawn Webb wrote: > Was secteam@ even involved, then? Seems like a user-facing kernel buffer > overflow ought to have involved secteam@. > No, it wasn’t. This bug had been open for quite a while, and I just happened to see the report and look at it. > Also, the diffe

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Shawn Webb
On Tue, Apr 26, 2016 at 11:05:38PM +0200, Kristof Provost wrote: > > > On 26 Apr 2016, at 23:01, Shawn Webb wrote: > > > > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: > >> Author: kp > >> Date: Tue Apr 26 20:36:32 2016 > >> New Revision: 298664 > >> URL: https://svnweb.freeb

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Conrad Meyer
On Tue, Apr 26, 2016 at 2:13 PM, Adrian Chadd wrote: > You mean "hotplug mount a malicious USB disk via some installed > graphical environment?" > > NOone does that... :) Sure, but there the vulnerability is (IMO) that users are allowed to arbitrarily mount stuff. That's a huge attack surface an

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Adrian Chadd
You mean "hotplug mount a malicious USB disk via some installed graphical environment?" NOone does that... :) -a

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Conrad Meyer
On Tue, Apr 26, 2016 at 2:01 PM, Shawn Webb wrote: > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: >> Author: kp >> Date: Tue Apr 26 20:36:32 2016 >> New Revision: 298664 >> URL: https://svnweb.freebsd.org/changeset/base/298664 >> >> Log: >> msdosfs: Prevent buffer overflow wh

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Kristof Provost
> On 26 Apr 2016, at 23:01, Shawn Webb wrote: > > On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: >> Author: kp >> Date: Tue Apr 26 20:36:32 2016 >> New Revision: 298664 >> URL: https://svnweb.freebsd.org/changeset/base/298664 >> >> Log: >> msdosfs: Prevent buffer overflow whe

Re: svn commit: r298664 - head/sys/fs/msdosfs

2016-04-26 Thread Shawn Webb
On Tue, Apr 26, 2016 at 08:36:32PM +, Kristof Provost wrote: > Author: kp > Date: Tue Apr 26 20:36:32 2016 > New Revision: 298664 > URL: https://svnweb.freebsd.org/changeset/base/298664 > > Log: > msdosfs: Prevent buffer overflow when expanding win95 names > > In win2unixfn() we expand