Reporting use-after-free type bugs in Genode.
Norman Feske
norman.feske at genode-labs.com
Thu Nov 5 15:50:46 CET 2020
Hello Piotr,
On 05.11.20 14:00, Piotr Tworek wrote:
> I've recently stumbled upon a use-after-free bug in one of the Genode
> core base classes. I think I have a pretty good understanding of the
> problem and would like to file a bug report with my findings. Given the
> potential security implications of UAF type bugs I'm not sure what is
> the best course of action here. Should I report this using github issue
> tracker which AFAIU will result in the report being public? Or is there
> some other way to report bugs like this?
I greatly appreciate your sense of responsibility.
In cases like this, when the reach of the problem is uncertain, please
let us first discuss the issue privately by writing to 'bugs at genode.org'.
All developers at Genode Labs can follow and participate in the
discussion, and contribute to the assessment of risk and the further
coordination.
Best regards
Norman
--
Dr.-Ing. Norman Feske
Genode Labs
https://www.genode-labs.com · https://genode.org
Genode Labs GmbH · Amtsgericht Dresden · HRB 28424 · Registered office: Dresden
Managing directors: Dr.-Ing. Norman Feske, Christian Helmuth