Re: Linux 2.6.22.18

From: Greg KH
Date: Tue Feb 12 2008 - 12:52:37 EST

Next message: Greg KH: "Re: multiple drivers, single device"
Previous message: Greg KH: "Re: Announce: Linux-next (Or Andrew's dream :-))"
In reply to: Florian Weimer: "Re: Linux 2.6.22.18"
Next in thread: Linus Torvalds: "Re: Linux 2.6.22.18"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Feb 12, 2008 at 06:48:42PM +0100, Florian Weimer wrote:
> * Greg KH:
>
> > the logic is a little different in 2.6.22 and earlier in regards to this
> > area of code. This way we are safer.
>
> Your patch doesn't include the CVE-2006-0010 hunk. Is this because
> get_user() implies an access_ok() check (while __copy_from_user()
> obviously does not)?

Yes, that is exactly why. CVE-2006-0010 and -0009 are not applicable to
kernels prior to 2.6.23.

thanks,

greg k-h
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: multiple drivers, single device"
Previous message: Greg KH: "Re: Announce: Linux-next (Or Andrew's dream :-))"
In reply to: Florian Weimer: "Re: Linux 2.6.22.18"
Next in thread: Linus Torvalds: "Re: Linux 2.6.22.18"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]