| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Feb 2013 17:15:20 -0500 From: Sasha Levin <sasha.levin@...cle.com> To: Tejun Heo <tj@...nel.org> CC: Andrew Morton <akpm@...ux-foundation.org>, linux-kernel@...r.kernel.org, Thomas Gleixner <tglx@...utronix.de> Subject: Re: [PATCH] posix-timer: don't call idr_find() w/ negative ID On 02/20/2013 05:12 PM, Tejun Heo wrote: > On Wed, Feb 20, 2013 at 2:10 PM, Sasha Levin <sasha.levin@...cle.com> wrote: >> I do think that if you have to resort to using something like that there's >> something terribly wrong with the code somewhere else, and that other thing >> should be fixed first. >> >> Maybe digging into the timers code and seeing why this is needed there will >> prove me wrong... > > The problem is that userland can feed us any timer_t which makes it > necessary to properly sanitize the value before using it. Why can the timer be negative in the first place though? Why isn't the timer defined as an 'unsigned int' instead of an 'int' so that all values of timer would be legitimate? Thanks, sasha -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists