Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux)

From: Alexander Viro (viro@math.psu.edu)
Date: Wed Jan 10 2001 - 19:47:23 EST

Next message: Greg KH: "[PATCH] USB Config fix for 2.2.19-pre7"
Previous message: Keith Owens: "Re: Problem with module versioning in 2.4.0"
In reply to: Chris Mason: "Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux)"
Next in thread: Andrea Arcangeli: "Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 10 Jan 2001, Chris Mason wrote:

> Ah thanks, that makes more sense. But, copy_to_user is only working on
> namelen bytes, and reclen is bigger than that. So, who is checking the
> value for the buf->current_dir pointer?

Look at the thing again. Especially at the place where reclen is calculated.
Notice the calls of put_user() before and after copy_to_user(). Add them
up. Round.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[PATCH] USB Config fix for 2.2.19-pre7"
Previous message: Keith Owens: "Re: Problem with module versioning in 2.4.0"
In reply to: Chris Mason: "Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux)"
Next in thread: Andrea Arcangeli: "Re: [reiserfs-list] major security bug in reiserfs (may affect SuSE Linux)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Jan 15 2001 - 21:00:28 EST