| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Apr 2010 13:19:14 +0200 From: Sjur BRENDELAND <sjur.brandeland@...ricsson.com> To: Alan <alan@...rguk.ukuu.org.uk>, "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: RE: CAIF device Hi Alan. Alan wrote: > I was reading through the CAIF code and I noticed a couple of bugs > > Doesn't check there is a write method so set on a read only > device it's not good news (doubly so as there seem to be no > permission checks ?) plus no permissions checks and also the > following which looks unsafe > > dev_close(ser->dev); > unregister_netdevice(ser->dev); > list_del(&ser->node); > debugfs_deinit(ser); > > Now ser is the netdev private data so what stops it going away when > unregister_netdev is called ? I think this should work fine as the unregistration of the ser->dev is done after rtnl_lock, this delays the freeing of the device until rtnl_unlock. > > Secondly tty devices are ref counted and this for some reason didn't > get fixed in the driver yet. > > [Patches to follow for the write and kref bugs, the others need the > authors and someone who knows the netdev code these days to fix] Thanks, looking forward to review your patches. BR/Sjur -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists