Alexander Viro <viro@math.psu.edu> wrote:
>Seriously, binfmt_misc.c was written in rather, erm, interesting C.
>Read it and you'll see. Just one (but rather impressive) example:
>
> if ((count == 1) && !(buffer[0] & ~('0' | '1'))) {
>
>It was meant to be
>
> if (count == 1 && (buffer[0] == '0' || buffer[0] == '1')) {
>
>and anyone who can't find the difference really should learn C. And
>that's not the only bogosity of such level. Besides, the thing is
>trivially oopsable - write() to any file in binfmt_misc with buffer
>pointing to unmapped kernel address and you are screwed,
Or you can register binfmt names that are registered already and
silently shadow old ones, or register names like 'register', 'status',
'.', and '..'. It's hideous to manage reliably from userspace.
-- Colin Watson [cjw44@flatline.org.uk] - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Mar 23 2001 - 21:00:12 EST