* Jan Kasprzak (kas@informatics.muni.cz) wrote:
> Chris Wright wrote:
> : Both cosa_readmem and cosa_download don't seem to do any validation of
> : the user supplied ptr at all before dereferncing it in get_user. And
> : it'd make sense to use 'code' in cosa_reamdme (as in cosa_download)
> : instead of 'd->code'. Jan, does this look OK?
>
> Yes, you are right. I've missed this. However, it is not
> as bad as it looks like, because you need the CAP_SYS_RAWIO to
> exploit this. I agree this patch should be applied.
Thanks for the confirmation.
-chris
-- Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Mar 31 2003 - 22:00:28 EST