| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Sep 2022 09:02:31 +0000
From: cgel.zte@...il.com
To: ast@...nel.org
Cc: daniel@...earbox.net, andrii@...nel.org, martin.lau@...ux.dev,
song@...nel.org, yhs@...com, john.fastabend@...il.com,
kpsingh@...nel.org, sdf@...gle.com, haoluo@...gle.com,
jolsa@...nel.org, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org, Xu Panda <xu.panda@....com.cn>,
Zeal Robot <zealci@....com.cn>
Subject: [PATCH linu-next] samples/bpf: use absolute path for dd
From: Xu Panda <xu.panda@....com.cn>
Not using absolute path when invoking dd can lead to serious security
issues.
Reported-by: Zeal Robot <zealci@....com.cn>
Signed-off-by: Xu Panda <xu.panda@....com.cn>
---
samples/bpf/trace_event_user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/samples/bpf/trace_event_user.c b/samples/bpf/trace_event_user.c
index 9664749bf618..d841918accc9 100644
--- a/samples/bpf/trace_event_user.c
+++ b/samples/bpf/trace_event_user.c
@@ -126,7 +126,7 @@ static void print_stacks(void)
static inline int generate_load(void)
{
- if (system("dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
+ if (system("/usr/bin/dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
printf("failed to generate some load with dd: %s\n", strerror(errno));
return -1;
}
--
2.15.2
Powered by blists - more mailing lists