
Re: [Coverity] Untrusted user data in kernel

To: James Morris <jmorris@xxxxxxxxxx>
Subject: Re: [Coverity] Untrusted user data in kernel
From: Bill Davidsen <davidsen@xxxxxxx>
Date: Fri, 17 Dec 2004 10:47:37 -0500
Cc: Patrick McHardy <kaber@xxxxxxxxx>, Bryan Fulton <bryan@xxxxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to: <Xine.LNX.4.44.0412170144410.12579-100000@thoron.boston.redhat.com>
References: <41C26DD1.7070006@trash.net> <Xine.LNX.4.44.0412170144410.12579-100000@thoron.boston.redhat.com>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913
James Morris wrote:
> On Fri, 17 Dec 2004, Patrick McHardy wrote:
>
>> James Morris wrote:
>>
>>> This at least needs CAP_NET_ADMIN.
>>
>> It is already checked in do_ip6t_set_ctl(). Otherwise anyone could replace iptables rules :)
>
> That's what I meant, you need the capability to do anything bad :-)

Are you saying that processes with capability don't make mistakes? This isn't a bug related to untrusted users doing privileged operations, it's a case of using unchecked user data.



--
   -bill davidsen (davidsen@xxxxxxx)
"The secret to procrastination is to put things off until the
  last possible moment - but no longer"  -me
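The distinction argued in this message, shown as an added example that is not part of the original post and is not kernel code: a user-space model of a set-ctl style handler in which the capability check and the validation of caller-supplied sizes are separate steps. The names `demo_replace`, `demo_set_ctl`, `demo_capable` and both constants are hypothetical and constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical request header, constructed for this example. */
struct demo_replace {
    uint32_t num_entries;   /* caller-supplied entry count */
    uint32_t size;          /* caller-supplied payload size in bytes */
};

#define DEMO_ENTRY_SIZE 16u
#define DEMO_MAX_SIZE   4096u

/* Stand-in for capable(CAP_NET_ADMIN): it answers who is calling, nothing more. */
static int demo_capable(int has_net_admin) { return has_net_admin; }

/* user/len model the pointer and optlen given to setsockopt().
 * Returns 0 on success or a negative errno value. */
int demo_set_ctl(int has_net_admin, const void *user, size_t len,
                 unsigned char *table, size_t table_len)
{
    struct demo_replace hdr;

    if (!demo_capable(has_net_admin))
        return -EPERM;

    /* Privileged or not, the buffer contents are still unchecked input. */
    if (len < sizeof(hdr))
        return -EINVAL;
    memcpy(&hdr, user, sizeof(hdr));   /* copy once, validate the copy */

    if (hdr.size > DEMO_MAX_SIZE || hdr.size > table_len)
        return -E2BIG;
    if (hdr.size != len - sizeof(hdr)) /* declared size must match optlen */
        return -EINVAL;
    /* Divide instead of multiplying so a huge num_entries cannot wrap. */
    if (hdr.size % DEMO_ENTRY_SIZE || hdr.num_entries != hdr.size / DEMO_ENTRY_SIZE)
        return -EINVAL;

    memcpy(table, (const unsigned char *)user + sizeof(hdr), hdr.size);
    return 0;
}
```

A count of `0x10000002` with a size of 32 would pass a 32-bit `num_entries * DEMO_ENTRY_SIZE == size` comparison because the product wraps to 32; the division form rejects it even for a caller that holds the capability.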
