Re: [CHECKER] potential dereference of user pointer errors

Chris Wright (chris@wirex.com)
Thu, 27 Mar 2003 09:10:58 -0800

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "PATCH: DRIVERNAME SUPPRESSED DUE TO KERNEL.ORG FILTER BUGS"
Previous message: Alan Cox: "PATCH: DRIVERNAME SUPPRESSED DUE TO KERNEL.ORG FILTER BUGS"

* Jan Kasprzak (kas@informatics.muni.cz) wrote:
> Chris Wright wrote:
> : Both cosa_readmem and cosa_download don't seem to do any validation of
> : the user supplied ptr at all before dereferncing it in get_user. And
> : it'd make sense to use 'code' in cosa_reamdme (as in cosa_download)
> : instead of 'd->code'. Jan, does this look OK?
>
> Yes, you are right. I've missed this. However, it is not
> as bad as it looks like, because you need the CAP_SYS_RAWIO to
> exploit this. I agree this patch should be applied.

Thanks for the confirmation.
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Next message: Alan Cox: "PATCH: DRIVERNAME SUPPRESSED DUE TO KERNEL.ORG FILTER BUGS"
Previous message: Alan Cox: "PATCH: DRIVERNAME SUPPRESSED DUE TO KERNEL.ORG FILTER BUGS"