http://lwn.net/Articles/330866/ This is a special feed containing comments posted to the individual LWN article titled "Linux ASLR vulnerabilities". hourly 2 http://lwn.net/Articles/331440/rss 2009-05-03T23:12:01+00:00 jamesmrh <div class="FormattedComment"> I can't see if there's any CC's on that email, but I suggest making sure it's cc'd to the LSM list, as well as known x86/platform experts such as Arjan, Ingo, Alan Cox, Roland McGrath etc.<br> <p> (I didn't even know that'd been posted until I read this thread on LWN).<br> <p> </div> http://lwn.net/Articles/331316/rss 2009-05-02T13:54:57+00:00 willezurmacht <div class="FormattedComment"> CC the -mm maintainer if you don't get lucky in the second chance. Sometimes it helps.<br> </div> http://lwn.net/Articles/331315/rss 2009-05-02T13:39:08+00:00 jake <div class="FormattedComment"> <font class="QuotedText">&gt; Are you aware of any progress in getting the vulnerability fixed?</font><br> <p> Nope. I will resend the patch in a day or two if I don't hear anything.<br> <p> jake<br> </div> http://lwn.net/Articles/331311/rss 2009-05-02T13:15:38+00:00 willezurmacht <div class="FormattedComment"> The problem with blacklisting is that you never know when your blacklist is enough. The question is if there are any true legitimate uses of this and what's specifically required.<br> <p> Either way, there are plenty of other methods to get around the difficulties presented by ASLR as of its current implementation in mainline kernel.<br> <p> I would like to know if Jake's patch goes through, hopefully it does.<br> </div> http://lwn.net/Articles/331275/rss 2009-05-02T01:37:57+00:00 spender <div class="FormattedComment"> Hi Jake,<br> <p> I noticed you submitted the following patch to LKML earlier this week:<br> <a href="http://lkml.org/lkml/2009/4/30/265?h1=4d3afeb44daf01af97a0b9c725dcaf1453b7886c&amp;h2=c1efa214c08fa9819a71f7e09815c7910f9a879b">http://lkml.org/lkml/2009/4/30/265?h1=4d3afeb44daf01af97a...</a><br> <p> but it hasn't received any responses yet, and I haven't seen any patches submitted by anyone else. Are you aware of any progress in getting the vulnerability fixed?<br> <p> -Brad<br> </div> http://lwn.net/Articles/331011/rss 2009-04-30T16:34:39+00:00 nix <div class="FormattedComment"> Oh that first one is quite nasty. We can stop reporting wchan for non-self users when non-root without breaking too much, but doing the same for /proc/*/stat is out of the question. Perhaps we can blank out just the sensitive fields in such cases?<br> <p> </div> http://lwn.net/Articles/330962/rss 2009-04-30T10:46:47+00:00 njd27 <div class="FormattedComment"> Nonsense, the important question is, should the singular of "jiffies" be "jiffie" or "jiffy"?<br> </div> http://lwn.net/Articles/330916/rss 2009-04-30T02:32:07+00:00 jreiser <i>it would be a tragedy to think that known vulnerabilities are just falling through the cracks</i> <p>Oh, stop being so melodramatic. It's not a tragedy. It's money being made by those who look and listen carefully, widely, and with patience. It was ever thus. The important questions are the quantifiers: "<i>How much</i> money, <i>how often</i>, <i>by whom</i>, ...?"