| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 11 Dec 2008 05:00:23 +0000
From: Al Viro <viro@...IV.linux.org.uk>
To: Nguyen Anh Quynh <aquynh@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>,
Kuniyasu Suzaki <k.suzaki@...t.go.jp>
Subject: Re: [PATCH] fix calls to request_module()
On Thu, Dec 11, 2008 at 01:23:36PM +0900, Nguyen Anh Quynh wrote:
> So I checked again by fixing the code that should be compiled
> (sound/core/sound.c), and can confirm that without the patch we got
> warning like below:
>
> sound/core/sound.c: In function 'snd_request_other':
> sound/core/sound.c:91: warning: format not a string literal and no
> format arguments
Ah, but that's different. Take a look at that warning and think _why_
it is given and what is it about. Getting an untrusted string as
format argument is a real security hole, but it has nothing to do
with a pile of cases in your patch.
FWIW, even in this case (where the warning is a false positive, BTW -
the string passed there can have one of two values and both are safe)
I would simply do
switch(...) {
case .... : request_module("snd-seq"); break;
case .... : request_module("snd-timer"); break;
}
and that's it.
Slapping "%s" here actually obfuscates the code, without making it safer.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists