Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S263062AbTGWJnW (ORCPT ); Wed, 23 Jul 2003 05:43:22 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S263201AbTGWJnW (ORCPT ); Wed, 23 Jul 2003 05:43:22 -0400 Received: from arnor.apana.org.au ([203.14.152.115]:49671 "EHLO arnor.me.apana.org.au") by vger.kernel.org with ESMTP id S263062AbTGWJnV (ORCPT ); Wed, 23 Jul 2003 05:43:21 -0400 From: Herbert Xu To: a.marsman@aYniK.com (Aschwin Marsman), alan@lxorguk.ukuu.org.uk, linux-kernel@vger.kernel.org Subject: Re: 2.4.22-pre7: are security issues solved? In-Reply-To: X-Newsgroups: apana.lists.os.linux.kernel User-Agent: tin/1.5.19-20030610 ("Darts") (UNIX) (Linux/2.4.21-2-686-smp (i686)) Message-Id: Date: Wed, 23 Jul 2003 19:56:47 +1000 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 871 Lines: 18 Aschwin Marsman wrote: > >> CAN-2003-0461: /proc/tty/driver/serial reveals the exact character counts >> for serial links. This could be used by a local attacker to infer password >> lengths and inter-keystroke timings during password entry. What's the problem with exposing those counters? Are we going to restrict access to /proc/interrupts and network interface counters too? -- Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ ) Email: Herbert Xu ~{PmV>HI~} Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/