mailing list archives
Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo
From: Jamie Strandboge <jamie () canonical com>
Date: Thu, 07 Jul 2011 10:56:35 -0500
On Tue, 2011-05-10 at 17:05 -0400, William Cohen wrote:
The patches mentioned in the previous email.
Thanks for these patches. I was reviewing them and noticed that
0003-Avoid-blindly-source-SETUP_FILE-with.patch undoes the
'error_if_not_basename $arg $val' for --save added in
0002-Ensure-that-save-only-saves-things-in-SESSION_DIR.patch such that
if you apply all 4 patches, method #2 from the Debian bug is no
longer fixed. Attached is a patch to correct this (to be applied after
the other 4).
Jamie Strandboge | http://www.canonical.com
Description: This is a digitally signed message part
- Re: Re: CVE Request -- oprofile -- Local privilege escalation via crafted opcontrol event parameter when authorized by sudo Jamie Strandboge (Jul 07)