> And from time to time, security issues regarding ioctls that are not
> checking for privileges when they should are found. A central
> ioctl-directory is a good place to have privilege information too.

This is much less frequent in 2.1 with the current uaccess.h
implementations of copy_from_user, copy_to_user, get_user, put_user.
At least on i386, these facilities cannot stomp on kernel memory no
matter *what* values the user specifies.

There were some problems around 2.1.77 or so with buggy sound driver
code that had lots of __get_user and __put_user.

In fact, I would advise someone who wants to do a security check of the
kernel (either a Good Guy or a Bad Guy) to make a list of the unchecked
functions in uaccess.h, grep the entire kernel source for these functions,
and validate all of the use cases. They should all have explicit
constraint checks.

Michael
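
The audit suggested in the message above can be triaged with a small scanner; this is an added example, not code from the message or from the kernel tree. It assumes the unchecked list also includes __copy_from_user and __copy_to_user and that the explicit range checks are spelled access_ok or verify_area, and it relies on a brace-counting heuristic rather than a real C parser.

```python
import re

# __get_user/__put_user are named in the message; the __copy_* pair and the
# access_ok/verify_area check names are assumptions about uaccess.h.
TOKEN = re.compile(r"\b(__get_user|__put_user|__copy_from_user|__copy_to_user"
                   r"|access_ok|verify_area)\s*\(")
CHECKS = {"access_ok", "verify_area"}
COMMENT = re.compile(r"/\*.*?\*/", re.S)
FUNC_NAME = re.compile(r"\b([A-Za-z_]\w*)\s*\(")

def audit(source):
    """Return (function, line, call) for each unchecked call with no range
    check earlier in the same function. Triage only: every hit, and every
    check that silenced one, still needs manual review of pointer and size."""
    # Blank out comments but keep newlines so line numbers stay correct.
    source = COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)
    findings, depth, func, candidate, checked = [], 0, None, None, False
    for line_no, line in enumerate(source.splitlines(), 1):
        if depth == 0:
            names = FUNC_NAME.findall(line)
            candidate = names[0] if names else candidate
            if "{" in line:  # entering a new top-level body
                func, checked = candidate, False
        else:
            for m in TOKEN.finditer(line):
                if m.group(1) in CHECKS:
                    checked = True
                elif not checked:
                    findings.append((func, line_no, m.group(1)))
        depth = max(depth + line.count("{") - line.count("}"), 0)
    return findings

# Constructed sample input, not taken from any kernel tree.
SAMPLE = """\
static int snd_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
    int val;
    /* __get_user without a range check on arg */
    __get_user(val, (int *)arg);
    return val;
}
static int mixer_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
    if (verify_area(VERIFY_WRITE, (void *)arg, sizeof(int)))
        return -EFAULT;
    return __put_user(0, (int *)arg);
}
"""
```

Calling `audit(SAMPLE)` reports only the `__get_user` in `snd_ioctl`; the call in `mixer_ioctl` is silenced by the preceding `verify_area`, which still has to be checked by hand for the right pointer and size.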