Reporting use-after-free type bugs in Genode.

Piotr Tworek tworaz at tworaz.net
Thu Nov 5 16:41:55 CET 2020


Hi Norman,

I've sent an email with a proposed patch to bugs at genode.org. 

/ptw

> Hello Piotr,
> 
> On 05.11.20 14:00, Piotr Tworek wrote:
> > I've recently stumbled upon a use-after-free bug in one of the Genode
> > core base classes. I think I have a pretty good understanding of the
> > problem and would like to file a bug report with my findings. Given the
> > potential security implications of UAF type bugs I'm not sure what is
> > the best course of action here. Should I report this using the GitHub
> > issue tracker, which AFAIU will result in the report being public? Or is
> > there some other way to report bugs like this?
> 
> I greatly appreciate your sense of responsibility.
> 
> In cases like this, when the reach of the problem is uncertain, please
> let us first discuss the issue privately by writing to
> 'bugs at genode.org'.
> 
> All developers at Genode Labs can follow and participate in the
> discussion, and contribute to the assessment of risk and the further
> coordination.
> 
> Best regards
> Norman
> 



