Re: [CHECKER] Help Needed!

Chris Wright (chris@wirex.com)
Mon, 21 Apr 2003 14:26:24 -0700


* Junfeng Yang (yjf@stanford.edu) wrote:
>
> It seems to us that create_dev can only be called at boot time (the
> "__init" attribute), so devfs_name must be an untainted kernel pointer.
> The warning on line 437 isn't a real error.

Yes.

> However, this pointer is finally passed into strncpy_from_user through the
> call chain [ sys_symlink (devfs_name, name) --> getname (oldname) -->
> do_getname(filename, _) --> strncpy_from_user (_, filename, _)]. Is it
> okay to call *_from_user functions with the second arguements untainted?
> What will access_ok(VERIFY_READ, src, 1) return?

This checks against the current addr_limit which depends on the context.
KERNEL_DS lets this check succeed.

thanks,
-chris

-- 
Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/