lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071007095955.GR8181@ftp.linux.org.uk> Date: Sun, 7 Oct 2007 10:59:55 +0100 From: Al Viro <viro@....linux.org.uk> To: Arnd Bergmann <arnd@...db.de> Cc: Jens Axboe <jens.axboe@...cle.com>, linux-kernel@...r.kernel.org, davem@...emloft.net, hch@....de Subject: Re: [patch 9/9] compat_ioctl: fix compat_fd_ioctl pointer access On Sat, Oct 06, 2007 at 08:19:11PM +0200, Arnd Bergmann wrote: > As found by sparse, a user space pointer is assigned to a kernel > data structure while calling other code with set_fs(KERNEL_DS), > which could lead to leaking kernel data if that pointer is > ever accessed. > > I could not find any place in the floppy drivers that actually > uses that pointer, but assigning it to an empty string is > a safer choice and gets rid of the sparse warning. FWIW, I'd kill kmalloc(), switched to compat_alloc_user_space() and copy_in_user() / get_user()+put_user(). And kill set_fs() around that sys_ioctl()... Separate from the rest of this series, though. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists