lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20190214094447.0adeea8e@gandalf.local.home>
Date:   Thu, 14 Feb 2019 09:44:47 -0500
From:   Steven Rostedt <rostedt@...dmis.org>
To:     Changbin Du <changbin.du@...il.com>
Cc:     mingo@...hat.com, linux-kernel@...r.kernel.org,
        stable@...r.kernel.org
Subject: Re: [PATCH] kprobe: safely access memory specified by userspace

On Thu, 14 Feb 2019 14:10:44 +0000
Changbin Du <changbin.du@...il.com> wrote:

> > No I didn't have the fix. I was running an older kernel actually. One
> > before commit 9da3f2b74054406f87dff7101a569217ffceb29b was added.
> > There's nothing actually wrong with that code, since kprobes is allowed
> > to poke at anything. But that commit considers the kernel using copy
> > from user to poke kernel address space is a security bug.
> >   
> Glade to know that. And I wonder wether all such cases have been
> disclosed. I noticed the uprobe code also uses some usercopy functions.

Well, uprobe shouldn't be poking at kernel addresses ;-)

-- Steve

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ