lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <x49bql48aus.fsf@segfault.boston.devel.redhat.com>
Date:	Fri, 12 Jan 2007 11:32:11 -0500
From:	Jeff Moyer <jmoyer@...hat.com>
To:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Cc:	Steven Fernandez <sfernand@...hat.com>,
	Andrew Morton <akpm@...l.org>
Subject: [patch] raw: don't allow the creation of a raw device with minor number 0

Hi,

Minor number 0 (under the raw major) is reserved for the rawctl device
file, which is used to query, set, and unset raw device bindings.
However, the ioctl interface does not protect the user from specifying
a raw device with minor number 0:

$ sudo ./raw /dev/raw/raw0 /dev/VolGroup00/swap
/dev/raw/raw0:  bound to major 253, minor 2
$ ls -l /dev/rawctl
ls: /dev/rawctl: No such file or directory
$ ls -l /dev/raw/raw0 
crw------- 1 root root 162, 0 Jan 12 10:51 /dev/raw/raw0
$ sudo ./raw -qa
Cannot open master raw device '/dev/rawctl' (No such file or directory)

As you can see, this prevents any further raw operations from
succeeding.  The fix (from Steve Fernandez) is quite simple--do not
allow the allocation of minor number 0.

Thanks!

Jeff

diff --git a/drivers/char/raw.c b/drivers/char/raw.c
index 645e20a..1f0d7c6 100644
--- a/drivers/char/raw.c
+++ b/drivers/char/raw.c
@@ -154,7 +154,7 @@ static int raw_ctl_ioctl(struct inode *i
 			goto out;
 		}
 
-		if (rq.raw_minor < 0 || rq.raw_minor >= MAX_RAW_MINORS) {
+		if (rq.raw_minor <= 0 || rq.raw_minor >= MAX_RAW_MINORS) {
 			err = -EINVAL;
 			goto out;
 		}
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ