| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dfe40435294b43b6860153b9200a39fc@AcuMS.aculab.com>
Date: Fri, 27 Aug 2021 08:34:04 +0000
From: David Laight <David.Laight@...LAB.COM>
To: 'Peter Collingbourne' <pcc@...gle.com>
CC: "David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Colin Ian King <colin.king@...onical.com>,
Cong Wang <cong.wang@...edance.com>,
Al Viro <viro@...iv.linux.org.uk>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: RE: [PATCH] net: don't unconditionally copy_from_user a struct ifreq
for socket ioctls
From: Peter Collingbourne
> Sent: 26 August 2021 20:46
...
> > The other sane thing is to check _IOC_SIZE().
> > Since all the SIOCxxxx have a correct _IOC_SIZE() that can be
> > used to check the user copy length.
> > (Unlike socket options the correct length is always supplied.
>
> FWIW, it doesn't look like any of them have the _IOC_SIZE() bits set,
> so that won't work. _IOC_TYPE() seems better anyway.
Linus must have stolen those definitions from SVSV not one of the BSDs.
The BSD's started using the high 16 bits when they moved to 32bit.
Something I've written kernel code for required those bits be set
and would then do the user copies in the syscall entry paths.
It won't be SYSV because I used 3 character 'type' fields on that.
Windows does do the copies - but is entirely 'not quite' different.
So it must have been NetBDSD.
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
Powered by blists - more mailing lists