Re: [PATCH] kernel_read result fixes
From: Andres Salomon
Date: Fri Dec 24 2004 - 18:38:09 EST
On Fri, 2004-12-24 at 02:24 -0500, Andres Salomon wrote:
> Hi,
>
> A few potential vulnerabilities were pointed out by Katrina Tsipenyuk in
> <http://seclists.org/lists/linux-kernel/2004/Dec/1878.html>. I haven't
> seen any discussion or fixes of the issue yet, so here's a patch
> (against 2.6.9). The fixes are along the same lines as the previous
> binfmt_elf fixes. There's one additional place (inside fs/binfmt_som.c)
> that a fix could be applied, but since that doesn't compile anyways, I
> didn't see a point in patching it.
>
>
Ok, you can ignore this; I believe the original advisory is bogus.
prepare_binprm ensures a 128 byte buffer that kernel_read data is copied
to; in case something smaller is copied in, the rest of the space is
zero'd out. Thus, <128 reads are fine, and in many cases (as in
binfmt_script w/ tiny scripts less than 128 bytes in total) perfectly
valid.
--
Andres Salomon <dilinger@xxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part