On Thu, Oct 10, 2013 at 10:18:53PM +0400, Michael Tokarev wrote:
> 10.10.2013 17:44, Richard W.M. Jones wrote:
> >
> > In Fedora we have had /dev/kvm mode 0666 for years. It was changed
> > that way in July 2009.
> >
> > There has never been a security problem attributable to this.
>
> This is plain wrong. Here's a very recent example:
>
> http://www.openwall.com/lists/oss-security/2013/08/26/3

This causes [on ARM only] the program running the bad ioctl to oops.
(I see no evidence of this causing "host OS crash" -- just an oops in
the calling process).

Obviously you fix kernel bugs, and you would have to fix this one
anyway.

Now compare this to the large number of filesystem bugs around, which
can be prevented by only mounting filesystems in appliances.

Rich.