| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGXu5jK2kNgccbbuadjUFn+bbj9_02HbQfjUDeL4sNz1GWtHEQ@mail.gmail.com>
Date: Wed, 24 Oct 2012 14:33:02 -0700
From: Kees Cook <keescook@...omium.org>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: linux-kernel@...r.kernel.org, Michal Marek <mmarek@...e.cz>,
Brad Spengler <spender@...ecurity.net>,
PaX Team <pageexec@...email.hu>
Subject: Re: [RESEND][PATCH] gen_init_cpio: avoid stack overflow when expanding
On Wed, Oct 24, 2012 at 2:02 PM, Andrew Morton
<akpm@...ux-foundation.org> wrote:
> On Wed, 24 Oct 2012 13:57:56 -0700
> Kees Cook <keescook@...omium.org> wrote:
>
>> Fix possible overflow of the buffer used for expanding environment
>> variables when building file list.
>>
>> $ cat usr/crash.list
>> file foo ${BIG}${BIG}${BIG}${BIG}${BIG}${BIG} 0755 0 0
>> $ BIG=$(perl -e 'print "A" x 4096;') ./usr/gen_init_cpio usr/crash.list
>> *** buffer overflow detected ***: ./usr/gen_init_cpio terminated
>>
>> This also replaces the space-indenting with tabs.
>>
>> Patch based on existing fix extracted from grsecurity.
>>
>> ...
>>
>> Cc: stable@...r.kernel.org
>
> Why did you feel we need to backport this to -stable?
It's an extremely hard to hit security issue, but it's a security fix
regardless. I won't cry if it doesn't go to stable, but it seems a
trivial fix, so I included it for stable.
-Kees
--
Kees Cook
Chrome OS Security
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists