[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20141106.162808.1546139916210194279.davem@davemloft.net>
Date: Thu, 06 Nov 2014 16:28:08 -0500 (EST)
From: David Miller <davem@...emloft.net>
To: herbert@...dor.apana.org.au
Cc: viro@...IV.linux.org.uk, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, bcrl@...ck.org, nakam@...ux-ipv6.org,
yoshfuji@...ux-ipv6.org
Subject: Re: ipv4: Use standard iovec primitive in raw_probe_proto_opt
From: Herbert Xu <herbert@...dor.apana.org.au>
Date: Thu, 6 Nov 2014 14:46:29 +0800
> On Thu, Nov 06, 2014 at 06:43:18AM +0000, Al Viro wrote:
>> On Thu, Nov 06, 2014 at 01:50:23PM +0800, Herbert Xu wrote:
>> > + /* We only need the first two bytes. */
>> > + err = memcpy_fromiovecend((void *)&icmph, msg->msg_iov, 0, 2);
>> > + if (err)
>> > + return err;
>> > +
>> > + fl4->fl4_icmp_type = icmph.type;
>> > + fl4->fl4_icmp_code = icmph.code;
>>
>> That's more readable, but that exposes another problem in there - we read
>> the same piece of userland data twice, with no promise whatsoever that we'll
>> get the same value both times...
>
> Sure, but you have to be root anyway to write to raw sockets.
>
> Patches are welcome :)
I'd agree with this root-only argument maybe 15 years ago, but with
containers and stuff like that we want to prevent root X from messing
up the machine for root Y.
This is a recurring topic, and I'd strongly like to avoid adding new
ways that these kinds of problems can happen.
For example, I'm still on the hook to address the AF_NETLINK mmap TX
code, which has a similarly abusable issue.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists