Re: [PATCH] kernel_read result fixes

From: Andres Salomon
Date: Fri Dec 24 2004 - 18:38:09 EST

Next message: Linus Torvalds: "Re: VM fixes [4/4]"
Previous message: Linus Torvalds: "Re: VM fixes [4/4]"
In reply to: Andres Salomon: "[PATCH] kernel_read result fixes"
Next in thread: Andrew Morton: "Re: [PATCH] kernel_read result fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2004-12-24 at 02:24 -0500, Andres Salomon wrote:
> Hi,
>
> A few potential vulnerabilities were pointed out by Katrina Tsipenyuk in
> <http://seclists.org/lists/linux-kernel/2004/Dec/1878.html>. I haven't
> seen any discussion or fixes of the issue yet, so here's a patch
> (against 2.6.9). The fixes are along the same lines as the previous
> binfmt_elf fixes. There's one additional place (inside fs/binfmt_som.c)
> that a fix could be applied, but since that doesn't compile anyways, I
> didn't see a point in patching it.
>
>

Ok, you can ignore this; I believe the original advisory is bogus.
prepare_binprm ensures a 128 byte buffer that kernel_read data is copied
to; in case something smaller is copied in, the rest of the space is
zero'd out. Thus, <128 reads are fine, and in many cases (as in
binfmt_script w/ tiny scripts less than 128 bytes in total) perfectly
valid.

--
Andres Salomon <dilinger@xxxxxxxxx>

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Linus Torvalds: "Re: VM fixes [4/4]"
Previous message: Linus Torvalds: "Re: VM fixes [4/4]"
In reply to: Andres Salomon: "[PATCH] kernel_read result fixes"
Next in thread: Andrew Morton: "Re: [PATCH] kernel_read result fixes"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]