>
> This is sys32_newstat from today's CVS:
>
> asmlinkage int
> sys32_newstat(char * filename, struct stat32 *statbuf)
> {
> 	int ret;
> 	struct stat s;
> 	mm_segment_t old_fs = get_fs();
>
> 	set_fs (KERNEL_DS);	/* lifts the user-pointer limit for the call below */
> 	ret = sys_newstat(filename, &s);	/* filename is still the raw user pointer */
> 	set_fs (old_fs);
> 	if (putstat (statbuf, &s))
> 		return -EFAULT;
>
> 	return ret;
> }
Whoever did this picked the arch/ia64/ia32/sys_ia32.c verbatim.
>
> Note that set_fs(KERNEL_DS) also allows the filename to be fetched from
> anywhere in memory including kernel space resulting in a potential
> information leak or crash.
Define how you can get an information leak or crash. I haven't looked
too closely, but I assume the fs/namei.c routines protect themselves.
In any case, most other ioctls on 64-bit platforms have this same problem
then.
>
> Question: why do we have two implementations of each of sys32_newstat,
> sys32_newlstat and sys32_newfstat in linux32.c?
>
One is probably the sparc64, and the other the ia64 implementation.
Kanoj
> Ralf
>
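As an added illustration (not code from the thread, and not the kernel's own implementation): a small user-space model of the point Ralf raises, namely that the filename pointer is only range-checked against the current address limit, so set_fs(KERNEL_DS) makes a kernel-space filename pass, and that checking the pointer under the caller's limit before widening it closes that window. The limit values, the model syscall body and the checked variant are assumptions of the model.

```c
/* Model of set_fs()/access_ok(): addresses are plain integers and "fs"
 * is the current address limit, as in the kernel. Constructed values. */
#include <stdint.h>
#include <stddef.h>

typedef uintptr_t mm_segment_t;
#define USER_DS     ((mm_segment_t)0x0000ffff)   /* constructed user limit   */
#define KERNEL_DS   ((mm_segment_t)0xffffffff)   /* constructed kernel limit */
#define KERNEL_BASE ((uintptr_t)0x10000)         /* constructed kernel half  */
#define EFAULT 14

static mm_segment_t current_fs = USER_DS;
static mm_segment_t get_fs(void) { return current_fs; }
static void set_fs(mm_segment_t fs) { current_fs = fs; }

/* access_ok() model: a range passes only if it ends below the current
 * limit. With KERNEL_DS in effect, every address passes. */
static int access_ok(uintptr_t addr, size_t len)
{
    return addr + len >= addr && addr + len <= get_fs();
}

/* Model of the syscall body: it dereferences filename if access_ok()
 * accepts it. Returns 0 on success, -EFAULT if the check rejects it. */
static int sys_newstat_model(uintptr_t filename)
{
    return access_ok(filename, 1) ? 0 : -EFAULT;
}

/* The quoted pattern: the raw pointer is handed over while fs is
 * KERNEL_DS, so a kernel-space filename address is accepted. */
static int sys32_newstat_quoted(uintptr_t filename)
{
    mm_segment_t old_fs = get_fs();
    int ret;
    set_fs(KERNEL_DS);
    ret = sys_newstat_model(filename);
    set_fs(old_fs);
    return ret;
}

/* Hypothetical safer ordering: validate the pointer under the caller's
 * own limit first; only then widen the limit for the kernel-side call. */
static int sys32_newstat_checked(uintptr_t filename)
{
    mm_segment_t old_fs = get_fs();
    int ret;
    if (!access_ok(filename, 1))      /* evaluated with USER_DS */
        return -EFAULT;
    set_fs(KERNEL_DS);
    ret = sys_newstat_model(filename);
    set_fs(old_fs);
    return ret;
}
```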