Re: [TRIVIAL] Warn users about machines with non-working WP bit

From: David S. Miller (davem@redhat.com)
Date: Tue Aug 06 2002 - 04:28:13 EST

   From: Manfred Spraul <manfred@colorfullife.com>
   Date: Tue, 06 Aug 2002 11:17:33 +0200

> - printk("No.\n");
> + printk("No (that's security hole).\n");
> #ifdef CONFIG_X86_WP_WORKS_OK
   
   Could you explain the hole?
   WP works for user space apps, only ring0 (or ring 0-2?) code
   ignores the WP bit on i386.

So copy_to_user() could write to user areas that are write-proteced.

verify_area() checks aren't enough, consider a threaded application
calling mprotect() while the copy is in progress.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

This archive was generated by hypermail 2b29 : Wed Aug 07 2002 - 22:00:30 EST