Reporting use-after-free type bugs in Genode.

Norman Feske norman.feske at genode-labs.com
Thu Nov 5 15:50:46 CET 2020


Hello Piotr,

On 05.11.20 14:00, Piotr Tworek wrote:
> I've recently stumbled upon a use-after-free bug in one of the Genode
> core base classes. I think I have a pretty good understanding of the
> problem and would like to file a bug report with my findings. Given the
> potential security implications of UAF type bugs, I'm not sure what is
> the best course of action here. Should I report this using the GitHub issue
> tracker which AFAIU will result in the report being public? Or is there
> some other way to report bugs like this?

I greatly appreciate your sense of responsibility.

In cases like this, when the reach of the problem is uncertain, please
let us first discuss the issue privately by writing to 'bugs at genode.org'.

All developers at Genode Labs can follow and participate in the
discussion, and contribute to the assessment of risk and the further
coordination.

Best regards
Norman

-- 
Dr.-Ing. Norman Feske
Genode Labs

https://www.genode-labs.com · https://genode.org

Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Registered office: Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth
