Message-ID: <20070827140133.GA13018@bit.office.eurotux.com>
Date:	Mon, 27 Aug 2007 15:01:33 +0100
From:	Luciano Rocha <strange@....no-ip.org>
To:	linux-kernel@...r.kernel.org
Subject: data disclosure in ioctl sg inquiry


(Please keep me CC'ed. Thanks.)

Hello,

While testing the SG INQUIRY command to a locked hard drive, connected
with USB, I noted that the command result included garbage that seemed
part of some other process's memory. Like bash functions, command
arguments, etc.

I make sure to memset the buffers before running the ioctl, so this seems
to be data leaked from the kernel.

Most of the code is verbatim from the example in the SCSI Generic HOWTO
(<http://tldp.org/HOWTO/SCSI-Generic-HOWTO/pexample.html>).

I include the code I used and sample output with data from running
processes (or files?).

I can't reproduce this on a firewire connected HDD, but I can with
another USB connected one (not locked).

Regards,
Luciano Rocha

-- 
lfr
0/0

View attachment "out" of type "text/plain" (3091 bytes)

View attachment "keytool.c" of type "text/plain" (3040 bytes)
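
The check the message describes (clear the buffer, issue the INQUIRY, look for bytes the reply does not account for) can be made mechanical. The C code below is an added example, not the attached keytool.c and not code from the SCSI Generic HOWTO. It assumes the caller pre-fills the buffer with a sentinel byte and passes the `dxfer_len` and `resid` values from `sg_io_hdr_t`; the function names and the sample reply are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FILL 0xA5 /* sentinel the caller writes before SG_IO (assumption) */

/* Bytes the reply accounts for: standard INQUIRY data is ADDITIONAL LENGTH
 * (byte 4) + 5 bytes; the transport moved dxfer_len - resid. Take the smaller. */
size_t inquiry_valid_len(const uint8_t *buf, size_t dxfer_len, int resid)
{
    size_t moved = dxfer_len;
    if (resid > 0 && (size_t)resid <= dxfer_len)
        moved -= (size_t)resid;
    if (moved < 5)
        return moved;
    size_t claimed = (size_t)buf[4] + 5;
    return claimed < moved ? claimed : moved;
}

/* Count bytes past the accounted-for region that no longer hold the
 * sentinel. A stray byte equal to FILL is missed, so this is a lower bound. */
size_t inquiry_stale_bytes(const uint8_t *buf, size_t dxfer_len, int resid)
{
    size_t n = 0;
    for (size_t i = inquiry_valid_len(buf, dxfer_len, resid); i < dxfer_len; i++)
        n += (buf[i] != FILL);
    return n;
}

/* Constructed sample: a 36-byte INQUIRY reply in a 96-byte buffer,
 * optionally followed by four bytes the reply does not account for. */
size_t demo_stale(int with_stray, int resid)
{
    uint8_t buf[96];
    memset(buf, FILL, sizeof buf);
    memset(buf, 0, 36);
    buf[4] = 31;                      /* ADDITIONAL LENGTH = 36 - 5 */
    memcpy(buf + 8, "VENDOR  ", 8);   /* constructed vendor id */
    if (with_stray)
        memcpy(buf + 40, "PATH", 4);  /* constructed stray bytes */
    return inquiry_stale_bytes(buf, sizeof buf, resid);
}

int main(void)
{
    printf("clean reply: %zu unexplained bytes\n", demo_stale(0, 60));
    printf("stray reply: %zu unexplained bytes\n", demo_stale(1, 60));
    return 0;
}
```

A non-zero count on a real device means the buffer changed outside the region covered by both the device's length field and the transport's residual count.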
