Re: AUDIT: copy_from_user is a deathtrap.

Alan Cox (alan@lxorguk.ukuu.org.uk)
Fri, 17 May 2002 13:17:25 +0100 (BST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Erich Focht: "Re: PATCH Multithreaded core dump support for the 2.5.14 (and 15) kernel."
Previous message: Alan Cox: "Re: complain about dpt_2o driver and CPU time"
In reply to: Rusty Russell: "Re: AUDIT: copy_from_user is a deathtrap."
Next in thread: Linus Torvalds: "Re: AUDIT: copy_from_user is a deathtrap."
Next in thread: Rusty Russell: "Re: AUDIT: copy_from_user is a deathtrap."

> > I would much rather fix these instances than add yet another
> > interface.
>
> I'll accept that if someone's volunteering to audit the kernel for
> them every six months.
>
> Sorry I wasn't clear: I'm saying *replace*, not add,

Replace requires you audit every single use, and then work out how to
handle those that do care about the length and the point it faulted. From
what I've seen of the stuff that has been fixed we have a mix of the
following

1. Misports of ancient verify_* code - eg the serial ones
2. Not checking the return code - 100% legal and standards compliant

I've seen very few that have other screwups. In fact I've seen far more
incorrect uses of kmalloc with a user passed input field, kmalloc with
maths overflows, copy*user with maths overflows and the like

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Erich Focht: "Re: PATCH Multithreaded core dump support for the 2.5.14 (and 15) kernel."
Previous message: Alan Cox: "Re: complain about dpt_2o driver and CPU time"
In reply to: Rusty Russell: "Re: AUDIT: copy_from_user is a deathtrap."
Next in thread: Linus Torvalds: "Re: AUDIT: copy_from_user is a deathtrap."
Next in thread: Rusty Russell: "Re: AUDIT: copy_from_user is a deathtrap."