Re: verify_area(...) possible problem.

David Schleef (ds@stm.lbl.gov)
Tue, 13 Apr 1999 14:49:56 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David A. Ranch: "Re: AMD PCSCSI (AM53c974) driver bug in 2.2.x in SMP but not"
Previous message: Jan Kara: "Re: Quota file format [2.3 issue]"
Next in thread: Riley Williams: "Re: Static Swap"
Reply: Riley Williams: "Re: Static Swap"

On Tue, Apr 13, 1999 at 05:00:10PM +0000, Linus Torvalds wrote:
> In article <4B857AEEE602D211A45900805FA7753C0407D1@TOTOMB02>,
> Gilbert, Douglas <douglas.gilbert@rbcds.com> wrote:
> >
> >Linus Torvalds wrote:
> >
> >> ... you can do
> >>
> >> error = access_ok(VERIFY_READ, p, 3*sizeof(*p));
> >> if (!error) {
> >> __put_user(a, p);
> >> __put_user(b, p+1);
> >> __put_user(c, p+2);
> >> }
> >>
> >> where the __xxx versions are faster but "unsafe" unless you have
> >> verified the area by hand first.
> >

I would strongly encourage driver writers who use __put_user()
to write comments justifying the use of __put_user() and where/how
access_ok() is called. There are still several drivers (as of 2.2.1)
that call __put_user() without protection, and more drivers where
it takes a non-trivial amount of time to determine that they are
actually safe, with little performance benefit. Since an unprotected
__put_user() can be a direct security hole, it is quite important.

dave...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: David A. Ranch: "Re: AMD PCSCSI (AM53c974) driver bug in 2.2.x in SMP but not"
Previous message: Jan Kara: "Re: Quota file format [2.3 issue]"
Next in thread: Riley Williams: "Re: Static Swap"
Reply: Riley Williams: "Re: Static Swap"