Re: SECURITY - data leakage due to incorrect strncpy implementation

From: Alan Cox (alan@lxorguk.ukuu.org.uk)
Date: Sun Jul 13 2003 - 03:02:53 EST

Next message: Alan Cox: "Re: Replace mod_inc_use_count with __module_get for watchdog drivers"
Previous message: Ruben Puettmann: "Re: Problems with usb-ohci on 2.4.22-preX"
In reply to: Horst von Brand: "Re: SECURITY - data leakage due to incorrect strncpy implementation"
Next in thread: Mitchell Blank Jr: "Re: Sound updating, security of strlcpy and a question on pci v unload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sad, 2003-07-12 at 22:28, Horst von Brand wrote:
> Perhaps there should be a strncpy_touser() to make it crystal clear that it
> _can't_ be "optimized" into strlcpy()

The direct to_user functions are not normally a problem. The data they fail
to clear is the users own data anyway.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: Replace mod_inc_use_count with __module_get for watchdog drivers"
Previous message: Ruben Puettmann: "Re: Problems with usb-ohci on 2.4.22-preX"
In reply to: Horst von Brand: "Re: SECURITY - data leakage due to incorrect strncpy implementation"
Next in thread: Mitchell Blank Jr: "Re: Sound updating, security of strlcpy and a question on pci v unload"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Tue Jul 15 2003 - 22:00:46 EST