Re: [Coverity] Untrusted user data in kernel

From: Tomas Carnecky
Date: Fri Dec 17 2004 - 08:17:41 EST

Next message: Roman Zippel: "Re: [patch] [RFC] make WANT_PAGE_VIRTUAL a config option"
Previous message: Hirokazu Takata: "[PATCH 2.6.10-rc3-mm1] m32r: Update 4-level page table support(was Re: [PATCH 8/17] 4level support for m32r)"
In reply to: James Morris: "Re: [Coverity] Untrusted user data in kernel"
Next in thread: David S. Miller: "Re: [Coverity] Untrusted user data in kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

James Morris wrote:

That's what I meant, you need the capability to do anything bad :-)

But.. even if you have the 'permission' to do bad things, it shouldn't be possible.

It's a bug, and only because you can't exploit it if you haven't the right capabilities doesn't make the bug disappear.

IMHO such things (passing values between user/kernel space) should always be checked.

tom
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Roman Zippel: "Re: [patch] [RFC] make WANT_PAGE_VIRTUAL a config option"
Previous message: Hirokazu Takata: "[PATCH 2.6.10-rc3-mm1] m32r: Update 4-level page table support(was Re: [PATCH 8/17] 4level support for m32r)"
In reply to: James Morris: "Re: [Coverity] Untrusted user data in kernel"
Next in thread: David S. Miller: "Re: [Coverity] Untrusted user data in kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]