Re: [Coverity] Untrusted user data in kernel

From: Tomas Carnecky
Date: Fri Dec 17 2004 - 14:37:33 EST

Next message: Serge E. Hallyn: "Re: [PATCH] Split bprm_apply_creds into two functions"
Previous message: Jens Axboe: "Re: Cannot mount multi-session DVD with ide-cd, must use ide-scsi"
In reply to: David S. Miller: "Re: [Coverity] Untrusted user data in kernel"
Next in thread: David S. Miller: "Re: [Coverity] Untrusted user data in kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

David S. Miller wrote:

On Fri, 17 Dec 2004 14:18:52 +0100
Tomas Carnecky <tom@xxxxxxxxxxxxx> wrote:

IMHO such things (passing values between user/kernel space) should always be checked.

As per Patrick's posting, which James was responding to, it is
checked at the level above this function.

Is only the capability checked or also the data passed to the kernel?
It's not clear from Patricks reply:
> It is already checked in do_ip6t_set_ctl(). Otherwise anyone could
> replace iptables rules :)
For me it seems that only CAP_NET_ADMIN is checked and not the data.

tom
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Serge E. Hallyn: "Re: [PATCH] Split bprm_apply_creds into two functions"
Previous message: Jens Axboe: "Re: Cannot mount multi-session DVD with ide-cd, must use ide-scsi"
In reply to: David S. Miller: "Re: [Coverity] Untrusted user data in kernel"
Next in thread: David S. Miller: "Re: [Coverity] Untrusted user data in kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]