| To: | "David S. Miller" <davem@xxxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [Coverity] Untrusted user data in kernel |
| From: | Tomas Carnecky <tom@xxxxxxxxxxxxx> |
| Date: | Fri, 17 Dec 2004 20:34:55 +0100 |
| Cc: | jmorris@xxxxxxxxxx, kaber@xxxxxxxxx, bryan@xxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx |
| In-reply-to: | <20041217111634.740d4d46.davem@xxxxxxxxxxxxx> |
| References: | <Xine.LNX.4.44.0412170144410.12579-100000@xxxxxxxxxxxxxxxxxxxxxxxx> <41C2DCBC.1080302@xxxxxxxxxxxxx> <20041217111634.740d4d46.davem@xxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mozilla Thunderbird 1.0 (Windows/20041206) |

David S. Miller wrote:
> On Fri, 17 Dec 2004 14:18:52 +0100
> Tomas Carnecky <tom@xxxxxxxxxxxxx> wrote:
>
> > IMHO such things (passing values between user/kernel space) should
> > always be checked.
>
> As per Patrick's posting, which James was responding to, it is checked
> at the level above this function.

Is only the capability checked or also the data passed to the kernel?
It's not clear from Patrick's reply:

> It is already checked in do_ip6t_set_ctl(). Otherwise anyone could
> replace iptables rules :)

For me it seems that only CAP_NET_ADMIN is checked and not the data.

tom