Re: potential corruption in synclink driver

From: One Thousand Gnomes
Date: Mon Mar 02 2015 - 08:22:38 EST


> Yes and no :). In theory, the only line discipline which can handle
> large chunks is hdlc. That one limits the count to 4096 by default. But
> you are right, if someone sets maxframe in hdlc to the maximum value
> (65535) and won't set maxframe of synclinc, they will have a buffer
> overflow.
>
> These two guys are so old and ugly, maybe unused, so that I don't even

They are still made, which puts them ahead of about 3/4 of the less
maintained crap under drivers/

> know if they are worth fixing. In the normal case (no maxframe override
> on commandline/module param), they should be safe.
>
> Maybe we can drop the support to override by parameters...

Why do we care ? You have to be root to override the parameters anyway. If
you can set those values you can already compromise the box anyway you
feel fit. The problem is "if I am sufficiently expert to know about
obscure config options, have the privilege to set them and screw up
totally while using those privileges"

The options are important for certain special case uses where you have >
4K frame sizes. A check on oversize frames might not be a bad idea but I
don't think dropping it makes sense.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/