lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20080911121443.c3153842.akpm@linux-foundation.org>
Date:	Thu, 11 Sep 2008 12:14:43 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Miloslav Trma__ <mitr@...hat.com>
Cc:	viro@...iv.linux.org.uk, eparis@...hat.com, linux-audit@...hat.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/2] audit: fix NUL handling in untrusted strings

On Thu, 11 Sep 2008 00:23:38 +0200
Miloslav Trma__ <mitr@...hat.com> wrote:

> audit_string_contains_control() stops checking at the first NUL byte.
> If audit_string_contains_control() returns FALSE,
> audit_log_n_untrustedstring() submits the complete string - including
> the NUL byte and all following bytes, up to the specified maximum length
> - to audit_log_n_string(), which copies the data unchanged into the
> audit record.
> 
> The audit record can thus contain a NUL byte (and some unchecked data
> after that).  Because the user-space audit daemon treats audit records
> as NUL-terminated strings, an untrusted string that is shorter than the
> specified maximum length effectively terminates the audit record.
> 
> This patch modifies audit_log_n_untrustedstring() to only log the data
> before the first NUL byte, if any.

It's unclear how serious this problem is.  Do you believe that it is
sufficiently serious to warrant merging these fixes into 2.6.27? 
2.6.26.x?  2.6.25.x?

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ