Re: [PATCH] Capabilities: BUG when an invalid capability isrequested

From: Arjan van de Ven
Date: Wed Oct 29 2008 - 11:49:20 EST


On Wed, 29 Oct 2008 11:42:12 -0400
Eric Paris <eparis@xxxxxxxxxx> wrote:

> If an invalid (large) capability is requested the capabilities system
> may panic as it is dereferencing an array of fixed (short) length.
> Its possible (and actually often happens) that the capability system
> accidentally stumbled into a valid memory region but it also regularly
> happens that it hits invalid memory and BUGs. If such an operation
> does get past cap_capable then the selinux system is sure to have
> problems as it already does a (simple) validity check and BUG. This
> is known to happen by the broken and buggy firegl driver.
>
> This patch cleanly checks all capable calls and BUG if a call is for
> an invalid capability. This will likely break the firegl driver for
> some situations, but it is the right thing to do. Garbage into a
> security system gets you killed/bugged
>
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
>

Acked-by: Arjan van de Ven <arjan@xxxxxxxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/