Re: [CHECKER] Help Needed!

Andi Kleen (ak@suse.de)
21 Apr 2003 15:47:37 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Peter Benie: "Verifying a RAID device (Was: Are linux-fs's drive-fault-tolerant by concept?)"
Previous message: Stephen Satchell: "Re: (OT) md5sum proving to be an EXCELLENT memory test"

Manfred Spraul <manfred@colorfullife.com> writes:

> P.S.: On i386, you can access both kernel and user space after
> set_fs(KERNEL_DS), or if you use __get_user() and bypass
> access_ok(). Thus the __get_user() in arch/i386/kernel/traps.c,
> function show_registers is correct. This is the only instance I'm
> aware of where this is used, and noone else should be doing that. It
> fails on other archs, e.g. on sparc.

It is used in a couple more of places in the x86-64 architecture specific
code. Of course it is legal there too.

Also there are some corner cases; e.g. some architecture specific
code (particularly the 32bit emulations) just does access_ok or
get_user/put_user (with implied access_ok) on the first element
of a structure and then accesses the other elements with __*_user.
This works because these architectures have an unmapped hole at the
end of the user address space.

But in most other cases (in general outside arch/) it is very likely
a bug and a security hole.

-Andi
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Benie: "Verifying a RAID device (Was: Are linux-fs's drive-fault-tolerant by concept?)"
Previous message: Stephen Satchell: "Re: (OT) md5sum proving to be an EXCELLENT memory test"