lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <alpine.LFD.2.02.1203302225420.2542@ionos>
Date:	Fri, 30 Mar 2012 22:35:46 +0200 (CEST)
From:	Thomas Gleixner <tglx@...utronix.de>
To:	Greg KH <gregkh@...uxfoundation.org>
cc:	Sasha Levin <levinsasha928@...il.com>, arnd@...db.de,
	viro@...iv.linux.org.uk, davej@...hat.com,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] kmsg: Use vmalloc instead of kmalloc when writing

On Fri, 30 Mar 2012, Greg KH wrote:
> On Fri, Mar 30, 2012 at 07:37:37PM +0300, Sasha Levin wrote:
> > On Fri, Mar 30, 2012 at 6:30 PM, Greg KH <gregkh@...uxfoundation.org> wrote:
> > > On Fri, Mar 30, 2012 at 01:04:27PM -0400, Sasha Levin wrote:
> > >> There are no size checks in kmsg_write(), and we try allocating enough
> > >> memory to store everything userspace gave us, which may be too much for
> > >> kmalloc to allocate.
> > >
> > > Really?  Have you seen this fail?  As only root can do this, is this
> > > really a problem?
> > 
> > Only root, and a whole bunch of management software that dumps data
> > into /dev/kmsg (systemd and friends).
> 
> Running as root, do any of these cause problems by asking for too much
> memory here? 

Running as root is not a guarantee for correctness. So the syscall
should cope with bogus requests from user space and not rely on the
sanity of anything. Looking at the main users which polute dmesg I'm
inclined to assume insanity in the first place.

As Sasha pointed out there is either the variant to use vmalloc and
grant any write size or limit the size to something sensible. Though
given the users of this, coming up with something sensible might be a
problem.

> Is this something that needs to be addressed now, and in
> stable kernels, or can it wait for 3.5?

Yes, it want's to be addressed now and it want's to be in stable as
well. syscalls which have no bound checking are evil, no matter what.
 
Thanks,

	tglx

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ