ipc_router: Bind only a client port as control port (fix CVE-2016-2059) #4

Open
wants to merge 1 commit into
base: oneplusX/6.0.1
CheckYourScreen

IPC Router binds any port as a control port and moves it from the client
port list to control port list. Misbehaving clients can exploit this
incorrect behavior.

IPC Router to check if the port is a client port before binding it as a
control port.

Signed-off-by: CheckYourScreen [email protected]
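
The check the description above calls for, as an added example that is not part of this pull request or of the kernel source: a user-space C model in which every name (`bind_control_port`, the port types, the three lists, `run_scenario`) is an assumption made for illustration. The bind refuses any port that is not currently a client port, so a server port or an already-bound port is never unlinked and re-linked.

```c
#include <errno.h>
#include <stdio.h>

/* User-space model. Every name here is illustrative, not taken from the kernel source. */
enum port_type { CLIENT_PORT, SERVER_PORT, CONTROL_PORT };
struct port { enum port_type type; struct port *prev, *next; };

static void list_init(struct port *h) { h->prev = h->next = h; }
static void list_add(struct port *h, struct port *p) {
    p->next = h->next; p->prev = h; h->next->prev = p; h->next = p;
}
static void list_del(struct port *p) {
    p->prev->next = p->next; p->next->prev = p->prev; p->prev = p->next = p;
}
static int list_len(const struct port *h) {
    int n = 0;
    for (const struct port *p = h->next; p != h; p = p->next) n++;
    return n;
}

/* Move a port to the control list only if it is currently a client port. */
static int bind_control_port(struct port *control, struct port *p) {
    if (p == NULL || p->type != CLIENT_PORT)
        return -EINVAL;                  /* the check the PR description asks for */
    list_del(p);                         /* leave the client list */
    p->type = CONTROL_PORT;
    list_add(control, p);                /* join the control list */
    return 0;
}

struct outcome { int first, second, clients, servers, controls; };

/* Constructed scenario: one port of type t is bound twice in a row. */
static struct outcome run_scenario(enum port_type t) {
    struct port clients, servers, controls, p = { .type = t };
    list_init(&clients); list_init(&servers); list_init(&controls);
    list_add(t == SERVER_PORT ? &servers : &clients, &p);
    int first = bind_control_port(&controls, &p);
    int second = bind_control_port(&controls, &p);  /* repeat bind must be refused */
    return (struct outcome){ first, second, list_len(&clients), list_len(&servers), list_len(&controls) };
}

int main(void) {
    struct outcome c = run_scenario(CLIENT_PORT), s = run_scenario(SERVER_PORT);
    printf("client: %d then %d; server: %d then %d\n", c.first, c.second, s.first, s.second);
    return 0;
}
```
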

CheckYourScreen commented Oct 27, 2016

http://imgur.com/ovPly2J
Are you sure that you merged all patches up to October 2016?
EDIT: Not the only security patch you are missing, but it's visible to any user through scanner apps.

CheckYourScreen commented Nov 2, 2016

@CertifiedBlyndGuy First of all, I'd like to mention that I'm not a guy who uses the stock kernel; I don't care about what they are doing/shipping, and it doesn't matter if they merge this PR or not. I just wanted to grab their attention toward this vulnerability. Since they mentioned the October 1st patch, the Quadrooter fixes were there but a backport wasn't; even your kernel was vulnerable to this CVE, if you remember.

Secondly, FFS STOP CRYING OVER AUTHORSHIP! Do you really think they are maintaining it in their source? Can the patch you mentioned in your comment be directly applied/merged?

Thirdly, I already mentioned that they are missing a lot of security patches, and the patch for Dirty CoW is yet to be rolled out by Google, officially in the November patches, so OnePlus has to wait for them. I could have opened a dozen PRs for the patches they are missing, but they are good enough to patch themselves.

Fourth, stop acting like a Kernel God. This attitude of yours bugs not only me but OnePlus for sure. Not every commit passes CTS, and blindly merging commits doesn't work here. You should spend some time learning C and C++. # Peace

EDIT: CVE-2016-2504 is already patched by them; you can "git log -p drivers/gpu/msm/kgsl.c". I expect you to do your homework next time before messing with someone's PR.
