lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Fri, 7 Nov 2014 10:00:25 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	David Miller <davem@...emloft.net>
Cc:	viro@...IV.linux.org.uk, netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org, bcrl@...ck.org, nakam@...ux-ipv6.org,
	yoshfuji@...ux-ipv6.org
Subject: Re: ipv4: Use standard iovec primitive in raw_probe_proto_opt

On Thu, Nov 06, 2014 at 04:28:08PM -0500, David Miller wrote:
> From: Herbert Xu <herbert@...dor.apana.org.au>
> Date: Thu, 6 Nov 2014 14:46:29 +0800
> 
> > On Thu, Nov 06, 2014 at 06:43:18AM +0000, Al Viro wrote:
> >> On Thu, Nov 06, 2014 at 01:50:23PM +0800, Herbert Xu wrote:
> >> > +	/* We only need the first two bytes. */
> >> > +	err = memcpy_fromiovecend((void *)&icmph, msg->msg_iov, 0, 2);
> >> > +	if (err)
> >> > +		return err;
> >> > +
> >> > +	fl4->fl4_icmp_type = icmph.type;
> >> > +	fl4->fl4_icmp_code = icmph.code;
> >> 
> >> That's more readable, but that exposes another problem in there - we read
> >> the same piece of userland data twice, with no promise whatsoever that we'll
> >> get the same value both times...
> > 
> > Sure, but you have to be root anyway to write to raw sockets.
> > 
> > Patches are welcome :)
> 
> I'd agree with this root-only argument maybe 15 years ago, but with
> containers and stuff like that we want to prevent root X from messing
> up the machine for root Y.
> 
> This is a recurring topic, and I'd strongly like to avoid adding new
> ways that these kinds of problems can happen.
> 
> For example, I'm still on the hook to address the AF_NETLINK mmap TX
> code, which has a similarly abusable issue.

Fair enough.  Even though the bug existed prior to my patch I'll
see if we could get rid of it.

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists