lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 24 Oct 2016 05:12:12 -0700
From:   Michael Zoran <mzoran@...wfest.net>
To:     Dan Carpenter <dan.carpenter@...cle.com>
Cc:     gregkh@...uxfoundation.org, devel@...verdev.osuosl.org,
        daniels@...labora.com, linux-kernel@...r.kernel.org,
        eric@...olt.net, noralf@...nnes.org, popcornmix@...il.com
Subject: Re: [PATCH 1/2] staging: vc04_services: Fix unportable cast in
 vchiq_copy_from_user

On Mon, 2016-10-24 at 14:58 +0300, Dan Carpenter wrote:
> On Mon, Oct 24, 2016 at 04:39:49AM -0700, Michael Zoran wrote:
> > On Mon, 2016-10-24 at 14:36 +0300, Dan Carpenter wrote:
> > > On Mon, Oct 24, 2016 at 04:09:37AM -0700, Michael Zoran wrote:
> > > > I didn't think it looked totally correct, but I'm not sure it's
> > > > any
> > > > more broken then what is already in the tree.
> > > 
> > > It's not more broken.  But better to leave the compile warning
> > > there
> > > to
> > > mark that it is an obvious security problem.
> > > 
> > > > 
> > > > If you can kindly point me to some other source code or
> > > > documentation
> > > > to look at that is correct, I'm more then willing to fix the
> > > > patch.
> > > > 
> > > 
> > > I was hoping the maintainers could chip in, because I didn't want
> > > to
> > > look at the code.  We really need to track which are use pointers
> > > and
> > > which are kernel pointers.  We can't mix them like this.
> > > 
> > > regards,
> > > dan carpenter
> > > 
> > 
> > The problem is that I'm mostly interested in arm64 ATM, and I don't
> > think the existing code works at all with 64 bit pointers.
> > 
> > Broken as it may be...
> 
> It's a security issue.  We'll get this fixed in a day or two.
> 
> regards,
> dan carpenter

If security is a major goal with this driver, I think the whole driver
needs to be thrown out the door and rewritten from scratch!

This driver is for the Raspberry PI and a very, very big assumption
that is in the whole architecture is that local processes are trusted. 
I can give you probably a phone book of issues like this with this
driver, but I'm thinking that's outside the scope of this patch set and
outside the scope of what I'm trying to do.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ