Re: [PATCH] Fix user data corrupted by old value return of sysctl

[Yi Yang]

Coywolf Qi Hunt wrote:

> 2005/12/31, Yi Yang <yang.y.yi@xxxxxxxxx>:
>  
>
> > Coywolf Qi Hunt wrote:
> >    
> >
> > > You didn't set the trailing '\0', I wonder how your printf did work
> > > properly ever. You've just been lucky or something.
> > >
> > > -- Coywolf
> > >
> > >
> > >      
> > The variable target does it, its value is 0x00000001, so you mustn't
> > worry it.
> > osname only has 4-bytes space, so if you set '\0' to its tail, a byte
> > information will be lost.
> >    
>
> I'm worrying more. We should set '\0'. Let the one byte information
> lost, the caller deserve that. Actually here printf sees "mylo"+'\01'
> if little endian.
>  
I want to remind of you, my program is an example to verify this bug, it 
can run on both little-endian and big-endian computer correctly, because 
the variable target  is 0x00000001 or 0x00000000, it sets 0 to the tail 
of osname, only a byte '\01' isn't expected for little-endian, but my 
program really can run correctly.

For compatibility, you don't worry, you can try the application 'sysctl -a'.

This bug is very serious as far as security is concerned, so it is 
necessary, the kernel shouldn't corrupt the user data no matter what the 
reason is, if the user provides more space, Linus's patch has set 0 to 
the tail, but if the user space is not enough, to set 0 to the tail is 
not necessary, because a user mode application should do it by itself, 
but not depends on kernel.

> Linus, besides fixing bug, your commit certainly breaks userland
> compatibility. Please consider.
> --
> Coywolf Qi Hunt
>
>  

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/