> I've just found a bug (an unsignificant bug) in the panic() function!
> There's a possible buffer overflow if the formated string exceeds
> 1024 characters (I think that the problem is in all kernel releases).
> The problem is in the use of vsprintf() insted of vsnprintf()!
>
> I know that this doesn't compromise any exploitation by an uid
> different than zero, but should be fixed in the case of panic()'s arguments
> exceeds the buffer limit (probably by an lkm or something like that) and
> cause (probably) a system crash.
>
In that case there are quite a number of other places in the kernel which
can be 'exploited' in various ways.
Cheers,
Zwane
-- http://function.linuxpower.ca- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/