Re: [CHECKER] two probable security holes

David S. Miller (davem@redhat.com)
Mon, 24 Sep 2001 18:27:14 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rik van Riel: "Re: [OT] New Anti-Terrorism Law makes "hacking" punishable by life"
Previous message: Linus Torvalds: "Re: 2.4.10 VM: what avoids from having lots of unwriteable inactive"

From: Ken Ashcraft <kash@Stanford.EDU>
Date: Mon, 24 Sep 2001 17:41:44 -0700 (PDT)

It happens because the format string to a printing function is
set by the user. You are correct that ifr_name[] is not a user pointer,
but the contents of that array could contain dangerous placeholders set by
the user. I hope that clears things up.

I see... luckily these are (as far as I can tell) all root-only
operations.

Ok, it's pretty easy to add a quick verifier to dev_alloc_name, I'll
code that up.

Franks a lot,
David S. Miller
davem@redhat.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rik van Riel: "Re: [OT] New Anti-Terrorism Law makes "hacking" punishable by life"
Previous message: Linus Torvalds: "Re: 2.4.10 VM: what avoids from having lots of unwriteable inactive"