Re: [CHECKER] two probable security holes

From: David S. Miller (
Date: Mon Sep 24 2001 - 20:27:14 EST

   From: Ken Ashcraft <kash@Stanford.EDU>
   Date: Mon, 24 Sep 2001 17:41:44 -0700 (PDT)
   It happens because the format string to a printing function is
   set by the user. You are correct that ifr_name[] is not a user pointer,
   but the contents of that array could contain dangerous placeholders set by
   the user. I hope that clears things up.

I see... luckily these are (as far as I can tell) all root-only

Ok, it's pretty easy to add a quick verifier to dev_alloc_name, I'll
code that up.

Franks a lot,
David S. Miller
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun Sep 30 2001 - 21:00:28 EST