netdev
[Top] [All Lists]

eepro100 security fix [was: Re: MII access]

To: torvalds@xxxxxxxxxxxxx
Subject: eepro100 security fix [was: Re: MII access]
From: Andrey Savochkin <saw@xxxxxxxxxxxxx>
Date: Sat, 9 Jun 2001 22:07:59 -0400
Cc: Bogdan Costescu <bogdan.costescu@xxxxxxxxxxxxxxxxxxxxx>, Jeff Garzik <jgarzik@xxxxxxxxxxxxxxxx>, Alan Cox <alan@xxxxxxxxxxxxxxxxxxx>, Mark Frazer <mark@xxxxxxxxxxxxxxxx>, Pete Zaitcev <zaitcev@xxxxxxxxxx>, Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>, netdev@xxxxxxxxxxx
In-reply-to: <Pine.LNX.4.33.0106051104140.5137-100000@kenzo.iwr.uni-heidelberg.de>; from "Bogdan Costescu" on Tue, Jun 05, 2001 at 11:07:06AM
References: <3B1A2982.C53B159C@mandrakesoft.com> <Pine.LNX.4.33.0106051104140.5137-100000@kenzo.iwr.uni-heidelberg.de>
Sender: owner-netdev@xxxxxxxxxxx
Linus,

Please apply the attached patch.
It fixes a security problem of user-controlled access to the card ports from
a non-privileged ioctl which should have read-only semantics.

Best regards
                Andrey

On Tue, Jun 05, 2001 at 11:07:06AM +0200, Bogdan Costescu wrote:
> On Sun, 3 Jun 2001, Jeff Garzik wrote:
> 
> > Bogdan Costescu wrote:
> > > With clearer mind, I have to make some a correction to one of the previous
> > > messages: the problem of not checking arguments range does not apply to
> > > 3c59x which has in the ioctl function '& 0x1f' for both transceiver number
> > > and register number. However, eepro100 and tulip don't do that. (I'm
> > > checking now with 2.4.3 from Mandrake 8, but I don't think that there were
> > > recent changes in these areas).
> >
> > half right -- tulip does this for the phy id but not the MII register
> > number.  I'll fix that up.  Please bug Andrey about fixing up
> > eepro100...

Attachment: mii-access1
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>