Re: [CHECKER] two probable security holes

Ken Ashcraft (kash@stanford.edu)
Mon, 24 Sep 2001 17:41:44 -0700 (PDT)


On Mon, 24 Sep 2001, David S. Miller wrote:
> ifreq copied safely to kernel space, ifr.ifr_name[] is inside the
> struct and NOT a user pointer.

Sorry, my explanation of the checker may not have been clear enough-- a
format string error does not occur because the kernel dereferences a user
pointer. It happens because the format string to a printing function is
set by the user. You are correct that ifr_name[] is not a user pointer,
but the contents of that array could contain dangerous placeholders set by
the user. I hope that clears things up.

Ken
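
The distinction drawn in this message, as an added example that is not part of the original post and is not kernel code: a userspace sketch in which `snprintf` stands in for a kernel printing function. The struct `demo_ifreq` and the functions `describe_unsafe`, `describe_safe` and `count_directives` are hypothetical names, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a request struct already copied from the user:
 * name[] is an in-struct array, not a pointer, but the caller chose its bytes. */
struct demo_ifreq { char name[16]; };

/* Before: the caller-controlled bytes are used as the format string.
 * -Wformat-security flags this call; silenced here so the demo builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
#pragma GCC diagnostic ignored "-Wformat-nonliteral"
int describe_unsafe(char *out, size_t n, const struct demo_ifreq *r)
{
    return snprintf(out, n, r->name);
}
#pragma GCC diagnostic pop

/* After: constant format, caller-controlled bytes passed only as data. */
int describe_safe(char *out, size_t n, const struct demo_ifreq *r)
{
    return snprintf(out, n, "%s", r->name);
}

/* Count conversion directives in s ("%%" is a literal percent sign).
 * A non-zero result means s must never reach a format parameter. */
int count_directives(const char *s)
{
    int hits = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }
        hits++;
    }
    return hits;
}

int main(void)
{
    struct demo_ifreq r;
    char a[32], b[32];
    /* Constructed input: "%%" consumes no argument, so both calls are defined. */
    strcpy(r.name, "eth%%0");
    describe_unsafe(a, sizeof a, &r);
    describe_safe(b, sizeof b, &r);
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    return 0;
}
```

The two outputs differ even though no pointer was dereferenced incorrectly: the first call parsed the array contents as a format, the second copied them verbatim.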
