security patch for drivers/char/n_tty.c

From: plinius
Date: Sat Sep 25 2004 - 16:51:00 EST

Next message: Linus Torvalds: "Re: [2.6] smbfs & "du" illness"
Previous message: Stefan Seyfried: "Re: 2.6.9-rc2-mm3: swsusp horribly slow on AMD64"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

Recently while examining the Linux tty code I noticed that my
root password was still in read_buf some time after logging in,
long after it was "read".

I thought it might be a good idea to add a fix to clear out
characters after they're read. The patch seems to work all right.

This is for kernel 2.6.8.1 and the file is drivers/char/n_tty.c.

Enjoy,
Z Smith

Inline patch:

30a31,33
> *
> * 2004/09/20 by Z Smith (plinius@xxxxxxxxxxx): chars now truly erased upon
> * reading from read_buf for better security.
380a384
> tty->read_buf[head] = 0;
420a425
> tty->read_buf[tail] = 0;
1108a1114
> tty->read_buf[tty->read_tail] = 0;

-end-

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Linus Torvalds: "Re: [2.6] smbfs & "du" illness"
Previous message: Stefan Seyfried: "Re: 2.6.9-rc2-mm3: swsusp horribly slow on AMD64"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]