Re: [CHECKER] potential dereference of user pointer errors

• Next message: Alan Cox: "PATCH: DRIVERNAME SUPPRESSED DUE TO KERNEL.ORG FILTER BUGS"
• Previous message: Alan Cox: "PATCH: DRIVERNAME SUPPRESSED DUE TO KERNEL.ORG FILTER BUGS"
• In reply to: Jan Kasprzak: "Re: [CHECKER] potential dereference of user pointer errors"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Jan Kasprzak (kas@informatics.muni.cz) wrote:
> Chris Wright wrote:
> : Both cosa_readmem and cosa_download don't seem to do any validation of
> : the user supplied ptr at all before dereferncing it in get_user. And
> : it'd make sense to use 'code' in cosa_reamdme (as in cosa_download)
> : instead of 'd->code'. Jan, does this look OK?
>
> Yes, you are right. I've missed this. However, it is not
> as bad as it looks like, because you need the CAP_SYS_RAWIO to
> exploit this. I agree this patch should be applied.

Thanks for the confirmation.
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Alan Cox: "PATCH: DRIVERNAME SUPPRESSED DUE TO KERNEL.ORG FILTER BUGS"
• Previous message: Alan Cox: "PATCH: DRIVERNAME SUPPRESSED DUE TO KERNEL.ORG FILTER BUGS"
• In reply to: Jan Kasprzak: "Re: [CHECKER] potential dereference of user pointer errors"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Mon Mar 31 2003 - 22:00:28 EST