[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Yyw0JskGMbGE1lHK@kroah.com>
Date: Thu, 22 Sep 2022 12:08:38 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: cgel.zte@...il.com
Cc: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, bpf@...r.kernel.org,
linux-kernel@...r.kernel.org, Xu Panda <xu.panda@....com.cn>,
Zeal Robot <zealci@....com.cn>
Subject: Re: [PATCH linu-next] samples/bpf: use absolute path for dd
On Thu, Sep 22, 2022 at 09:02:31AM +0000, cgel.zte@...il.com wrote:
> From: Xu Panda <xu.panda@....com.cn>
>
> Not using absolute path when invoking dd can lead to serious security
> issues.
>
> Reported-by: Zeal Robot <zealci@....com.cn>
> Signed-off-by: Xu Panda <xu.panda@....com.cn>
> ---
> samples/bpf/trace_event_user.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/samples/bpf/trace_event_user.c b/samples/bpf/trace_event_user.c
> index 9664749bf618..d841918accc9 100644
> --- a/samples/bpf/trace_event_user.c
> +++ b/samples/bpf/trace_event_user.c
> @@ -126,7 +126,7 @@ static void print_stacks(void)
>
> static inline int generate_load(void)
> {
> - if (system("dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
> + if (system("/usr/bin/dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
> printf("failed to generate some load with dd: %s\n", strerror(errno));
> return -1;
> }
> --
> 2.15.2
Again, please stop submitting patches for Linux kernel development at
this point in time until your company has fixed their development
process.
You have been warned many times about this, and we have heard nothing
back from you at all. I'll go ask for your email address to now be
banned from our lists, sorry.
greg k-h
Powered by blists - more mailing lists