Message-ID: <20041223155439.15412.qmail@paddy.troja.mff.cuni.cz>
From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky)
Subject: Re: Linux kernel scm_send local DoS

On Tue, 14 Dec 2004, Paul Starzetz wrote:

> The Linux kernel provides a powerful socket API to user applications.
> Among other functions sockets provide a universal way for IPC and
> user-kernel communication. The socket layer uses several logical sublayers.
> One of the layers, so called auxiliary message layer (or scm layer),
> augments the socket API by a universal user-kernel message passing
> capability (see recvfrom(2) for more details on auxiliary messages).

More nasties might be lurking nearby (at least in 2.4):

- additional, almost identical, copies of cmsg parsing code appear in
  ip_cmsg_send() (net/ipv4/ip_sockglue.c) and datagram_send_ctl()
  (net/ipv6/datagram.c)

- sys_sendmsg() (net/socket.c) is willing to allocate almost arbitrarily
  large blocks of kernel memory

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
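
An added illustration, not part of the original message and not kernel code: a user-space C example of the per-header length checks that any cmsg parsing code needs, combined with an up-front cap on the control buffer size. The function name `count_valid_cmsgs`, the `CM_ALIGN` macro and the 4096-byte `MAX_CONTROL_LEN` cap are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>

/* Hypothetical cap on the control buffer a caller may hand in (assumption). */
#define MAX_CONTROL_LEN 4096u
/* Round up to the alignment used between consecutive headers (assumption:
 * size_t alignment, as on common Linux ABIs). */
#define CM_ALIGN(n) (((n) + sizeof(size_t) - 1) & ~(sizeof(size_t) - 1))

/*
 * Walk a control buffer and return the number of well-formed headers,
 * or -1 if any header is malformed or the buffer exceeds the cap.
 */
int count_valid_cmsgs(const void *control, size_t controllen)
{
    const unsigned char *base = control;
    size_t off = 0;
    int count = 0;

    if (controllen > MAX_CONTROL_LEN)
        return -1;              /* refuse oversized requests before touching them */

    while (controllen - off >= sizeof(struct cmsghdr)) {
        struct cmsghdr hdr;
        size_t len, step;

        memcpy(&hdr, base + off, sizeof(hdr));  /* copy out: no unaligned reads */
        len = hdr.cmsg_len;

        if (len < sizeof(struct cmsghdr))
            return -1;          /* shorter than its own header */
        if (len > controllen - off)
            return -1;          /* claims more bytes than remain in the buffer */

        count++;
        step = CM_ALIGN(len);
        if (step > controllen - off)
            break;              /* last message may omit trailing padding */
        off += step;
    }
    return count;
}
```

Keeping one such routine and calling it from every protocol path avoids maintaining near-identical copies of the same checks.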