Reporting use-after-free type bugs in Genode.
Piotr Tworek
tworaz at tworaz.net
Thu Nov 5 16:41:55 CET 2020
Hi Norman,
I've sent an email with a proposed patch to bugs at genode.org.
/ptw
> Hello Piotr,
>
> On 05.11.20 14:00, Piotr Tworek wrote:
> > I've recently stumbled upon a use-after-free bug in one of the
> > Genode
> > core base classes. I think I have a pretty good understanding of
> > the
> > problem and would like to fill a bug report with my findings. Given
> > the
> > potential security implications of UAF type bugs I'm not sure what
> > it
> > the best course of action here. Should I report this using github
> > issue
> > tracker which AFAIU will result in the report being public? Or is
> > there
> > some other way to report bugs like this?
>
> I greatly appreciate your sense of responsibility.
>
> In cases like this, when the reach of the problem is uncertain,
> please
> let us first discuss the issue privately by writing to
> 'bugs at genode.org'.
>
> All developers at Genode Labs can follow and participate in the
> discussion, and contribute to the assessment of risk and the further
> coordination.
>
> Best regards
> Norman
>
More information about the users
mailing list