pending stable kernel security updates

Kees Cook kees at ubuntu.com
Tue Jun 24 17:26:59 UTC 2008


Hi Tim,

On Tue, Jun 24, 2008 at 10:21:01AM -0600, Tim Gardner wrote:
> The Debian patch looks correct. Its my guess that 'RESTORE_ALL 8'
> immediately prior to 'iretq' does not restore segment registers. Due to
> assembler magic the jump to the iret_label symbol will load CS with the
> destination segment, in essence restoring CS to the trap segment which
> is necessary for a successful 'iretq'.

Okay, great.  I've pushed the patch into the ubuntu-security trees.

Thanks again for digging this up!

-Kees

-- 
Kees Cook
Ubuntu Security Team




More information about the kernel-team mailing list