Re: d_path() truncating excessive long path name vulnerability

Paul Szabo (psz@maths.usyd.edu.au)
Wed, 27 Nov 2002 13:04:04 +1100 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Larry McVoy: "Re: 2.5 problem with SMC2632W adapter"
Previous message: J.A. Magallon: "Thread accounting"
Next in thread: Solar Designer: "Re: d_path() truncating excessive long path name vulnerability"
Reply: Solar Designer: "Re: d_path() truncating excessive long path name vulnerability"

Back in March 2002, Wojciech Purczynski <cliph@isec.pl> wrote (original
article at http://online.securityfocus.com/archive/1/264117 ):

> Name: Linux kernel
> Version: up to 2.2.20 and 2.4.18
> ...
> In case of excessively long path names d_path kernel internal function
> returns truncated trailing components of a path name instead of an error
> value. As this function is called by getcwd(2) system call and
> do_proc_readlink() function, false information may be returned to
> user-space processes.

The problem is still present in Debian 2.4.19 kernel. I have not tried 2.5,
but see nothing relevant in the Changelogs at http://www.kernel.org/ .

Cheers,

Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Larry McVoy: "Re: 2.5 problem with SMC2632W adapter"
Previous message: J.A. Magallon: "Thread accounting"
Next in thread: Solar Designer: "Re: d_path() truncating excessive long path name vulnerability"
Reply: Solar Designer: "Re: d_path() truncating excessive long path name vulnerability"