| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 May 2008 10:58:03 -0700 From: Chris Wright <chrisw@...s-sol.org> To: Dave Jones <davej@...emonkey.org.uk>, Andrew Morgan <morgan@...nel.org>, Linux Kernel <linux-kernel@...r.kernel.org>, bojan@...ursive.com Subject: Re: capget() overflows buffers. * Dave Jones (davej@...emonkey.org.uk) wrote: > We had a user file a bug report recently that sys_capget is overflowing > a user buffer. > > More details and test program are available at > https://bugzilla.redhat.com/show_bug.cgi?id=447518 > > The only recent change in this area was e338d263a76af78fe8f38a72131188b58fceb591 > "Add 64-bit capability support to the kernel". Yes, this thing is broken. Trouble is, it's expecting an array of 2, and getting an array of 1. The userspace fix is to do this (note, this does not fix the fact that the ABI is broken, it's so opaque that it's difficult to follow). cap_user_data_t data=malloc(sizeof(*data)*_LINUX_CAPABILITY_U32S); Bojan, is there a capset involved as well, because that will pull in garbage and set caps accordingly? -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists