Re: Adding checkpointing API to Linux kernel

Alexander Kjeldaas (astor@guardian.no)
Wed, 20 Jan 1999 10:54:25 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Roger Espel Llima: "Re: ptrace and friends"
Previous message: Stefan Ring: "Re: PROBLEM: floppy and dma"
In reply to: Michael Elizabeth Chastain: "Re: Adding checkpointing API to Linux kernel"
Next in thread: Henning P. Schmiedehausen: "Re: Adding checkpointing API to Linux kernel"

On Tue, Jan 19, 1999 at 02:55:47AM -0600, Michael Elizabeth Chastain wrote:
> Hi Alexander,
>
> > And from time to time, security issues regarding ioctls that are not
> > checking for privileges when they should are found. A central
> > ioctl-directory is a good place to have privilege information too.
>
> This is much less frequent in 2.1 with the current uaccess.h
> implementations of copy_from_user, copy_to_user, get_user, put_user.
> At least on i386, these facilities cannot stomp on kernel memory no
> matter *what* values the user specifies.
>

This isn't the problem. The problem is ioctl calls which should have
an capable(SOMETHING) check, but don't. Errors like that are probably
easier to spot if they are specified centrally.

astor

-- Alexander Kjeldaas, Guardian Networks AS, Trondheim, Norway http://www.guardian.no/

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/

Next message: Roger Espel Llima: "Re: ptrace and friends"
Previous message: Stefan Ring: "Re: PROBLEM: floppy and dma"
In reply to: Michael Elizabeth Chastain: "Re: Adding checkpointing API to Linux kernel"
Next in thread: Henning P. Schmiedehausen: "Re: Adding checkpointing API to Linux kernel"