From owner-svn-src-all@freebsd.org Tue Apr 26 21:09:27 2016 Return-Path: Delivered-To: svn-src-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 18C64B1D2EB; Tue, 26 Apr 2016 21:09:27 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: from mail-oi0-f65.google.com (mail-oi0-f65.google.com [209.85.218.65]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DE12612B0; Tue, 26 Apr 2016 21:09:26 +0000 (UTC) (envelope-from cse.cem@gmail.com) Received: by mail-oi0-f65.google.com with SMTP id r186so3727795oie.2; Tue, 26 Apr 2016 14:09:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :date:message-id:subject:from:to:cc; bh=wl18meuj5OP4p7cWZdw2xtFU0fFWaL/9O+T2/hh8Dy4=; b=k36rgwpep1B3WJrjDVzMZBRFXoBgtr5SRx/31wbtHJ/iKeMIQpKrK2c5MUGvtQJy8y f63dpef1iUOdlUQ0h0tgqpUNXEijNRAVOnZwtmJLuNjntxcyEq2trM51LbBy/Wny+jEz fU+XbsN3EzUMhNYen070+oqNEJGImatNq6RrMBUjfE1VHlYdMGNoAk2sF8aqnw5qMM7E qAo/IVK0uivU8pJhKOoJWCIT4+gG76NN2AdI+Mx6bX/QSZdYDagZ5WmNVew7X8xwoj/5 MtVVVXtTLfZEbC9YAUtiCc6XbuxN1irbhTggdUl3FpGCK1OB7hIcG1lGeOD1gMvUmiNm Tegw== X-Gm-Message-State: AOPr4FV/yLcUWFi4DAZL9HXBbQpUf+158p58LvrHac8GdgO/bVMh5Xh8/PFR2Xwvgb+nhg== X-Received: by 10.157.46.82 with SMTP id c18mr1820641otd.24.1461704959839; Tue, 26 Apr 2016 14:09:19 -0700 (PDT) Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com. [209.85.214.172]) by smtp.gmail.com with ESMTPSA id li8sm266281obb.27.2016.04.26.14.09.19 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 Apr 2016 14:09:19 -0700 (PDT) Received: by mail-ob0-f172.google.com with SMTP id j9so13285453obd.3; Tue, 26 Apr 2016 14:09:19 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.60.226.139 with SMTP id rs11mr2098378oec.0.1461704959171; Tue, 26 Apr 2016 14:09:19 -0700 (PDT) Reply-To: cem@FreeBSD.org Received: by 10.157.6.111 with HTTP; Tue, 26 Apr 2016 14:09:19 -0700 (PDT) In-Reply-To: <20160426210138.GA13055@mutt-hardenedbsd> References: <201604262036.u3QKaWto038435@repo.freebsd.org> <20160426210138.GA13055@mutt-hardenedbsd> Date: Tue, 26 Apr 2016 14:09:19 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: svn commit: r298664 - head/sys/fs/msdosfs From: Conrad Meyer To: Shawn Webb Cc: Kristof Provost , src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Content-Type: text/plain; charset=UTF-8 X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 26 Apr 2016 21:09:27 -0000 On Tue, Apr 26, 2016 at 2:01 PM, Shawn Webb wrote: > On Tue, Apr 26, 2016 at 08:36:32PM +0000, Kristof Provost wrote: >> Author: kp >> Date: Tue Apr 26 20:36:32 2016 >> New Revision: 298664 >> URL: https://svnweb.freebsd.org/changeset/base/298664 >> >> Log: >> msdosfs: Prevent buffer overflow when expanding win95 names >> >> ... > > Will this be MFC'd? Since it's triggerable as non-root, should this have > a CVE? Though the commit log shows technical comments, it doesn't show > related security information. Is it triggerable as non-root? Don't you need to write a malicious filesystem image and persuade FreeBSD to mount it? Best, Conrad