lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 8 Jul 2011 20:42:50 +0200
From:	Oleg Nesterov <oleg@...hat.com>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	Dan Rosenberg <drosenberg@...curity.com>, chris@...kel.net,
	security@...nel.org, linux-kernel@...r.kernel.org
Subject: Re: [Security] [PATCH] xtensa: prevent arbitrary read in ptrace

On 07/08, Andrew Morton wrote:
>
> On Thu, 07 Jul 2011 20:03:54 -0400
> Dan Rosenberg <drosenberg@...curity.com> wrote:
>
> > Prevent an arbitrary kernel read. Check the user pointer with
> > access_ok() before copying data in.
> >
> > Signed-off-by: Dan Rosenberg <drosenberg@...curity.com>
> > Cc: stable@...nel.org
> > ---
> >  arch/xtensa/kernel/ptrace.c |    3 +++
> >  1 files changed, 3 insertions(+), 0 deletions(-)
> > 
> > diff --git a/arch/xtensa/kernel/ptrace.c b/arch/xtensa/kernel/ptrace.c
> > index c72c947..ddce75e 100644
> > --- a/arch/xtensa/kernel/ptrace.c
> > +++ b/arch/xtensa/kernel/ptrace.c
> > @@ -147,6 +147,9 @@ int ptrace_setxregs(struct task_struct *child, void __user *uregs)
> >  	elf_xtregs_t *xtregs = uregs;
> >  	int ret = 0;
> >
> > +	if (!access_ok(VERIFY_READ, uregs, sizeof(elf_xtregs_t)))
> > +		return -EIO;
>
> This should be -EFAULT, methinks?

Also, it seems that ptrace_setxregs/ptrace_getxregs could be static?

The patch looks "obviously correct" but I don't understand this code.

Hmm. We don't read/write the XTENSA_HAVE_COPROCESSORS data, but use
sizeof(elf_xtregs_t) anyway. This looks a bit strange but I guess
this doesn't matter.

Oleg.

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ