Re: [TRIVIAL] Warn users about machines with non-working WP bit

Manfred Spraul (manfred@colorfullife.com)
Tue, 06 Aug 2002 11:42:49 +0200


David S. Miller wrote:

> From: Manfred Spraul <manfred@colorfullife.com>
> Date: Tue, 06 Aug 2002 11:17:33 +0200
>
> > - printk("No.\n");
> > + printk("No (that's security hole).\n");
> > #ifdef CONFIG_X86_WP_WORKS_OK
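Review bot: The new string on the `+` line, "No (that's security hole).", is missing an article and does not say what the hole is, so a user who sees it cannot tell what is wrong. Suggest at least "No (that's a security hole)." and preferably naming the condition, for example "No (kernel writes ignore page write protection, this is a security hole)."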
>
> Could you explain the hole?
> WP works for user space apps, only ring0 (or ring 0-2?) code
> ignores the WP bit on i386.
>
>So copy_to_user() could write to user areas that are write-protected.
>
>verify_area() checks aren't enough, consider a threaded application
>calling mprotect() while the copy is in progress.
>
>
Then we should either fix copy_to_user(), or mark 80386 unsupported, or
disable multi-threading on 80386. It's a random memory corruption, far
worse than a security hole.

--
    Manfred
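
The check-then-copy race discussed in this thread, as an added example that is not part of the original messages and is not kernel code: a single-threaded C model in which `racing_mprotect()` stands in for the second thread. All function names and the two-page layout are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define PAGE 4096
/* Constructed model, not kernel code: two "user" pages, one writable flag each. */
static unsigned char mem[2 * PAGE];
static int writable[2];
/* Stand-in for a second thread calling mprotect() on page 1 mid-copy. */
static void racing_mprotect(void) { writable[1] = 0; }
/* Up-front check in the style of verify_area(): every page writable right now? */
static int range_ok(size_t off, size_t len) {
    for (size_t p = off / PAGE; p <= (off + len - 1) / PAGE; p++)
        if (!writable[p]) return 0;
    return 1;
}

/* Check once, then write without consulting protection again (WP ignored). */
static int copy_check_once(size_t off, const unsigned char *src, size_t len) {
    if (!range_ok(off, len)) return -1;
    racing_mprotect();              /* protection changes after the check */
    memcpy(mem + off, src, len);    /* still lands in the read-only page */
    return 0;
}

/* Re-check each page right before writing it; returns bytes NOT copied.
   A real kernel must also keep mprotect() out between check and write. */
static size_t copy_check_per_page(size_t off, const unsigned char *src, size_t len) {
    while (len && writable[off / PAGE]) {
        size_t chunk = PAGE - off % PAGE;
        if (chunk > len) chunk = len;
        memcpy(mem + off, src, chunk);
        racing_mprotect();          /* race fires after the first page */
        off += chunk; src += chunk; len -= chunk;
    }
    return len;
}

/* Copy 64 bytes across the page boundary; count bytes that reached page 1. */
static int bytes_in_readonly_page(int per_page) {
    unsigned char buf[64]; int n = 0;
    memset(buf, 0xAA, sizeof buf);
    memset(mem, 0, sizeof mem); writable[0] = writable[1] = 1;  /* reset model */
    if (per_page) copy_check_per_page(PAGE - 32, buf, sizeof buf);
    else copy_check_once(PAGE - 32, buf, sizeof buf);
    for (size_t i = PAGE; i < 2 * PAGE; i++) n += mem[i] == 0xAA;
    return n;
}

int main(void) {
    printf("%d %d\n", bytes_in_readonly_page(0), bytes_in_readonly_page(1));
    return 0;
}
```

The check-once path reports success even though 32 bytes reached a page that was read-only when they were written; the per-page path stops at the boundary and reports the remainder as uncopied.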
