Re: [CHECKER] 15 probable security holes in 2.4.5-ac8

Joerg Reuter (jreuter@suse.de)
Mon, 11 Jun 2001 15:51:45 +0200



To: alan@lxorguk.ukuu.org.uk, linux-kernel@vger.kernel.org
Subject: Re: [CHECKER] 15 probable security holes in 2.4.5-ac8
Date: Mon, 11 Jun 2001 15:45:07 +0200 (CEST)
From: jreuter@suse.de (Joerg Reuter)

>> [BUG] (but i'm not sure why we're missing the initial irq).
>> /u2/engler/mc/oses/linux/2.4.5-ac8/drivers/net/hamradio/scc.c:1772:scc_net_ioctl: ERROR:RANGE:1762:1772: Using user length "irq"as an array index for "Ivec" set by 'copy_from_user':1762 [val=1000]
>> if (!arg) return -EFAULT;
>
>That's a real bug for other reasons.

Nah, just a misconception (NB: the whole scc driver initialization is crap
anyway -- but that part was written before we even had procfs; the next
version will use procfs, but I'm not quite convinced that my current
approach for the rewrite is correct. Fact is that the driver has to support
far too many different parameters). The next version will also use
the ISR of your z85230 HDLC driver, the z8530 seems to occasionally
overwrite its interrupt vector register with new status information
before the old one was read.

> the IRQ might be > 16 on APIC using hosts

They won't assign IRQs above 15 for ISA cards, will they?

I gravely hope that nobody gets the idea to design a PCI card
for the Z8530 without bus master DMA...

>or non x86

Granted. But I've no reports that anyone actually tried that,
especially as the (unmodified) driver is only useful for packet radio
purposes.

>Both fixed

How? ;-)

73,
-- 
Joerg Reuter DL1BKE http://yaina.de/jreuter
And I make my way to where the warm scent of soil fills the evening air.
Everything is waiting quietly out there.... (Anne Clark)
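
Added example, not part of the original message and not the scc driver's code: a userspace C model of the pattern the quoted checker report flags (a value copied from the caller used as an index into a fixed-size table), with the range check done before the index. All names (model_hwconfig, model_ivec, MODEL_NR_IRQS, model_claim_irq, model_irq_claimed) and the table size of 16 are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define MODEL_NR_IRQS 16   /* assumed table size; a kernel would use its own IRQ count */

struct model_hwconfig {    /* hypothetical stand-in for the ioctl argument */
    int irq;
    unsigned long ctrl_port;
};

static struct { unsigned char used; } model_ivec[MODEL_NR_IRQS];

/* Stand-in for copy_from_user(): copies the caller-controlled bytes as-is. */
static int model_copy_from_user(void *dst, const void *src, size_t n)
{
    memcpy(dst, src, n);
    return 0;
}

/* Returns 0 on success, -EFAULT for a NULL argument, -EINVAL for a bad IRQ. */
int model_claim_irq(const struct model_hwconfig *arg)
{
    struct model_hwconfig cfg;

    if (!arg)
        return -EFAULT;
    if (model_copy_from_user(&cfg, arg, sizeof(cfg)))
        return -EFAULT;

    /* Validate before indexing. irq is signed, so reject negative values
     * as well as values at or past the end of the table. */
    if (cfg.irq < 0 || cfg.irq >= MODEL_NR_IRQS)
        return -EINVAL;

    if (cfg.irq && !model_ivec[cfg.irq].used)
        model_ivec[cfg.irq].used = 1;   /* a driver would request the IRQ here */
    return 0;
}

/* Reports whether an in-range IRQ slot has been marked as used. */
int model_irq_claimed(int irq)
{
    return irq >= 0 && irq < MODEL_NR_IRQS && model_ivec[irq].used;
}
```

Sizing the table from the platform's IRQ count rather than a fixed 16 is what keeps the same check valid on the APIC and non-x86 hosts mentioned in the quoted reply.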
