Re: [Coverity] Untrusted user data in kernel

From: Alan Cox
Date: Thu Jan 06 2005 - 12:42:45 EST

Next message: Alan Cox: "Re: Questions about the CMD640 and RZ1000 bugfix support options"
Previous message: Alan Cox: "Re: 2.6.10: "[permanent]" modules?"
In reply to: Paulo Marques: "Re: [Coverity] Untrusted user data in kernel"
Next in thread: Jan Harkes: "[PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> The SDLA_CLEAR ioctl (the sdla_clear(dev) function) tries
> to clear exactly 65536 bytes (hardcoded at sdla.c:sdla_clear() line 140).
> So the mem.len should be <= 65536 bytes, and even mem.addr + mem.len
> should be <= 65536 bytes.
>
> So I propose the following patch (maybe the constant 65536 should
> be defined in sdla.h and used both in sdla_xfer() and sdla_clear()):

I'd propose they are set to CAP_SYS_RAWIO for those specific
debugging/firmware load operations. They allow access to that level
potentially anyway. That solves the problem cleanly.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: Questions about the CMD640 and RZ1000 bugfix support options"
Previous message: Alan Cox: "Re: 2.6.10: "[permanent]" modules?"
In reply to: Paulo Marques: "Re: [Coverity] Untrusted user data in kernel"
Next in thread: Jan Harkes: "[PATCH 2.4.29-pre3-bk4] fs/coda Re: [Coverity] Untrusted user data in kernel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]