Re: [RESEND][PATCH] gen_init_cpio: avoid stack overflow whenexpanding

From: Andrew Morton
Date: Wed Oct 24 2012 - 17:59:25 EST

Next message: Juri Lelli: "[PATCH 06/16] sched: SCHED_DEADLINE SMP-related data structures & logic."
Previous message: Rafael J. Wysocki: "Re: [PATCH 1/2] cpufreq: return early from __cpufreq_driver_getavg()"
In reply to: Kees Cook: "Re: [RESEND][PATCH] gen_init_cpio: avoid stack overflow when expanding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 24 Oct 2012 14:53:33 -0700
Kees Cook <keescook@xxxxxxxxxxxx> wrote:

> > Well, I do think that a description of the user impact of the bug
> > should be included in the changelog so that poor old Greg can work out
> > why we sent it at him.
> >
> > If you can suggest some suitable text I can copy-n-slurp that into the
> > changelog.
>
> How about replacing the first paragraph with:
>
> Fix possible overflow of the buffer used for expanding environment
> variables when building file list. In the extremely unlikely case of
> an attacker having control over the environment variables visible to
> gen_init_cpio, control over the contents of the file gen_init_cpio
> parses, and gen_init_cpio was built without compiler hardening, the
> attacker can gain arbitrary execution control via a stack buffer
> overflow.

ooh, spiffy - even I understood that!
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Juri Lelli: "[PATCH 06/16] sched: SCHED_DEADLINE SMP-related data structures & logic."
Previous message: Rafael J. Wysocki: "Re: [PATCH 1/2] cpufreq: return early from __cpufreq_driver_getavg()"
In reply to: Kees Cook: "Re: [RESEND][PATCH] gen_init_cpio: avoid stack overflow when expanding"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]