Re: [PATCH] getsockopt() early argument sanity checking

From: Andi Kleen
Date: Sun Aug 20 2006 - 04:32:14 EST

On Sunday 20 August 2006 01:05, Solar Designer wrote:
> I propose the attached patch (extracted from 2.4.33-ow1) for inclusion
> into 2.4.34-pre.
> (2.6 kernels could benefit from the same change, too, but at the moment
> I am dealing with proper submission of generic changes like this that
> are a part of 2.4.33-ow1.)

In general I don't think it makes sense to submit stuff for 2.4
that isn't in 2.6.

> The patch makes getsockopt(2) sanity-check the value pointed to by
> the optlen argument early on. This is a security hardening measure
> intended to prevent exploitation of certain potential vulnerabilities in
> socket type specific getsockopt() code on UP systems.

It's not only insufficient on SMP, but even on UP where a thread
can sleep in get_user and another one can run in this time.

Doing a check that is inherently racy everywhere doesn't seem like
a security improvement to me. If there is really a length checking bug somewhere
it needs to be fixed in a race-free way. If not then there is no need
for a change.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at