Re: Filling holes in ext2

From: Adrian Cox (adrian@humboldt.co.uk)
Date: Wed Aug 22 2001 - 13:59:57 EST

Next message: Udo A. Steinberg: "Re: Linux 2.4.8-ac9"
Previous message: Eli Carter: "[PATCH] typo in comment"
In reply to: Andrew Morton: "Re: Filling holes in ext2"
Next in thread: Adrian Cox: "Re: Filling holes in ext2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Andrew Morton wrote:
> Adrian Cox wrote:

>>Can this actually be exploited? I assume the test on __copy_from_user()
>>is there in case another thread changes memory mappings while
>>generic_file_write() is running. My attempts to do this haven't yet
>>succeeded.
> I'd expect it to occur if you simply pass an unmapped address
> to write()?

No, because the first thing generic_file_write does is an access_ok()
check. It can only happen if the permissions change during the function.
That's why it's hard to exploit for real.

-- Adrian Cox http://www.humboldt.co.uk/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/

Next message: Udo A. Steinberg: "Re: Linux 2.4.8-ac9"
Previous message: Eli Carter: "[PATCH] typo in comment"
In reply to: Andrew Morton: "Re: Filling holes in ext2"
Next in thread: Adrian Cox: "Re: Filling holes in ext2"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Aug 23 2001 - 21:00:50 EST