Re: copy_from_user() fix

Richard Henderson (rth@dot.cygnus.com)
Sat, 22 Aug 1998 19:14:15 -0700


On Sat, Aug 22, 1998 at 01:58:25PM +0400, Savochkin Andrey Vladimirovich wrote:
> There are few places in the kernel where uncleared pages may be exposed
> to users. I consider it as a very important security problem.
[...]
> - clears the remaining memory in outline __generic_copy_from_user()
> in arch/i386/lib/usercopy.c keeping inline __copy_from_user() without
> the extra code;
> - makes sure that generic and i386 specific code don't use __copy_from_user()

No good. It _is_ an important problem, and should be treated as such.
The only way you can be sure that you've closed all of the holes is to
make sure there are _no_ entry points that could be potential problems.
Thus you must fix __copy_from_user.

Note that this will also ...

> - arch/i386/math-emu/reg_ld_str.c to clear the memory after
> __copy_from_user() if needed.

... make this bit of extreme ugliness go away.

> The second part of the patch makes dirty changes to copy_from_user()
> implementation for other architectures except sparc64 where memory
> clearing has already been implemented.

Please leave other architectures alone, as you clearly don't know
what's going on here. For instance, you "fixed" Alpha when it
wasn't broken. Note the last dozen lines of arch/alpha/lib/copy_user.S.

r~
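The behaviour the thread argues about, as an added, stand-alone illustration (not code from the thread, the patch, or the kernel): a model of copy_from_user() that returns the number of bytes it could not copy, shown once without and once with clearing of the destination tail on a short copy. The user-space buffer model (struct user_src with a "readable" limit), the 0xAA stale-data pattern and all function names are constructed for this example. The point is the one Richard makes: if the zero-fill lives in the lowest-level routine, every caller gets it, and a kernel buffer that is later handed back to user space cannot carry whatever was in it before.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a user-space source buffer: only the first
 * `readable` bytes are mapped; a read beyond them "faults" and stops the
 * copy, as the real copy routines do. */
struct user_src {
    const unsigned char *data;
    size_t readable;
};

/* Model of the raw copy loop: copies what it can, stops at the first
 * unreadable byte, and returns the number of bytes NOT copied (the
 * copy_from_user() return convention). */
static size_t raw_copy(void *to, const struct user_src *from, size_t n)
{
    size_t ok = n <= from->readable ? n : from->readable;
    memcpy(to, from->data, ok);
    return n - ok;
}

/* Unfixed variant: whatever was in the destination beyond the faulting
 * point stays there, so a caller that later copies the buffer back to
 * user space exposes stale kernel memory. */
static size_t copy_from_user_leaky(void *to, const struct user_src *from, size_t n)
{
    return raw_copy(to, from, n);
}

/* Fixed variant: on a short copy, clear the tail of the destination so the
 * kernel buffer never holds anything beyond what user space supplied.
 * Putting this in the lowest-level routine means no entry point can miss it. */
static size_t copy_from_user_fixed(void *to, const struct user_src *from, size_t n)
{
    size_t left = raw_copy(to, from, n);
    if (left)
        memset((unsigned char *)to + (n - left), 0, left);
    return left;
}

/* Run a 16-byte copy from a source of which only `readable` bytes are mapped,
 * over a kernel buffer pre-filled with a constructed stale pattern (0xAA).
 * Returns how many stale bytes survive in the buffer; 0 means nothing leaks. */
static size_t stale_bytes_after_copy(int fixed, size_t readable)
{
    static const unsigned char udata[16] = {
        1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
    };
    struct user_src src = { udata, readable };
    unsigned char kbuf[16];
    size_t stale = 0, i;

    memset(kbuf, 0xAA, sizeof kbuf);   /* pretend this is old kernel data */

    if (fixed)
        copy_from_user_fixed(kbuf, &src, sizeof kbuf);
    else
        copy_from_user_leaky(kbuf, &src, sizeof kbuf);

    for (i = 0; i < sizeof kbuf; i++)
        if (kbuf[i] == 0xAA)
            stale++;
    return stale;
}

/* Same scenario, returning the routine's own "bytes not copied" result so a
 * caller can see that clearing the tail does not change the error report. */
static size_t bytes_not_copied(int fixed, size_t readable)
{
    static const unsigned char udata[16] = { 0 };
    struct user_src src = { udata, readable };
    unsigned char kbuf[16];

    return fixed ? copy_from_user_fixed(kbuf, &src, sizeof kbuf)
                 : copy_from_user_leaky(kbuf, &src, sizeof kbuf);
}

int main(void)
{
    /* 16 bytes requested, only 8 readable: the leaky copy leaves 8 stale bytes. */
    printf("leaky: %zu stale bytes, %zu not copied\n",
           stale_bytes_after_copy(0, 8), bytes_not_copied(0, 8));
    printf("fixed: %zu stale bytes, %zu not copied\n",
           stale_bytes_after_copy(1, 8), bytes_not_copied(1, 8));
    return 0;
}
```

Both variants report the same short-copy count to the caller; the only difference is what the tail of the kernel buffer contains afterwards, which is exactly the part a caller rarely checks and a later copy back to user space would disclose.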
