> FWIW, I've included a workaround for this (covering the getcwd(2) case
> only, not other uses of d_path() by the kernel or modules) in 2.2.21-ow1
> patch and it went into 2.2.22 release in September.
Another reply shows that a patch has been submitted, but not acted upon:
> From jikos@jikos.cz Wed Nov 27 21:39:07 2002
> Date: Wed, 27 Nov 2002 11:38:25 +0100 (CET)
> From: Jirka Kosina <jikos@jikos.cz>
> To: Paul Szabo <psz@maths.usyd.edu.au>
> Subject: Re: d_path() truncating excessive long path name vulnerability
>
> On Wed, 27 Nov 2002, Paul Szabo wrote:
>
> > > In case of excessively long path names d_path kernel internal function
> > > returns truncated trailing components of a path name instead of an error
> > > value. As this function is called by getcwd(2) system call and
> > > do_proc_readlink() function, false information may be returned to
> > > user-space processes.
> > The problem is still present in Debian 2.4.19 kernel. I have not tried 2.5,
> > but see nothing relevant in the Changelogs at http://www.kernel.org/ .
>
> I've sent patch to linux-kernel, but noone seemed interested
> (http://www.cs.helsinki.fi/linux/linux-kernel/2002-13/0054.html)
>
> --
> JiKos.
Cheers,
Paul Szabo - psz@maths.usyd.edu.au http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics University of Sydney 2006 Australia
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/