Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)

From: Al Viro
Date: Wed Apr 05 2006 - 11:22:04 EST

Next message: Jon Smirl: "Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)"
Previous message: Randy.Dunlap: "[PATCH] kexec: update MAINTAINERS"
In reply to: Sergey Vlasov: "Re: [patch 03/26] sysfs: zero terminate sysfs write buffers(CVE-2006-1055)"
Next in thread: Jon Smirl: "Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Apr 05, 2006 at 07:09:28PM +0400, Sergey Vlasov wrote:
> This will break the "color_map" sysfs file for framebuffers -
> drivers/video/fbsysfs.c:store_cmap() expects to get exactly 4096 bytes
> for a colormap with 256 entries. In fact, the original patch which
> changed PAGE_SIZE - 1 to PAGE_SIZE:

... cheerfully assuming that nobody assumes NUL-termination and
everyone (sysfs patch writers!) certainly uses the length argument.
Fscking brilliant, that.

Are you willing to audit all sysfs ->show() in the kernel? Original
author of that turd had not been.

FWIW, "color_map" is a blatant abuse of interface. Doesn't get
any more borderline...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jon Smirl: "Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)"
Previous message: Randy.Dunlap: "[PATCH] kexec: update MAINTAINERS"
In reply to: Sergey Vlasov: "Re: [patch 03/26] sysfs: zero terminate sysfs write buffers(CVE-2006-1055)"
Next in thread: Jon Smirl: "Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]