
Re: [Coverity] Untrusted user data in kernel

To: Oliver Neukum <oliver@xxxxxxxxxx>
Subject: Re: [Coverity] Untrusted user data in kernel
From: Tomas Carnecky <tom@xxxxxxxxxxxxx>
Date: Fri, 17 Dec 2004 20:39:38 +0100
Cc: linux-os@xxxxxxxxxxxx, Bill Davidsen <davidsen@xxxxxxx>, James Morris <jmorris@xxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Bryan Fulton <bryan@xxxxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to: <200412172030.04831.oliver@neukum.org>
References: <41C26DD1.7070006@trash.net> <Pine.LNX.4.61.0412171108340.4216@chaos.analogic.com> <41C330F7.4000806@dbservice.com> <200412172030.04831.oliver@neukum.org>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)
Oliver Neukum wrote:
>> But the difference between your example (cp /dev/zero /dev/mem) and passing unchecked data to the kernel is... you _can_ check the data and
>
> This is the difference:
> static int open_port(struct inode * inode, struct file * filp)
> {
>         return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
> }
> (from mem.c)


OK, but my point was, whenever you can check the 'contents' of the data passed to the kernel, do it. You can't check if the data someone writes to /dev/mem is valid or not, but you can check for out-of-range/etc. data in ioctl & friends.


tom
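
Added example (not part of the original message, and not kernel source): a user-space C model of the distinction discussed above, where a capable()-style gate decides who may call and range checks decide what values are accepted. The struct, table and function names are hypothetical, and a plain struct copy stands in for copy_from_user().

```c
/* Added example: user-space model of an ioctl-style handler. All names are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TABLE_SLOTS 8
#define SLOT_BYTES  16

/* Argument block as it would arrive from user space: every field is untrusted. */
struct slot_req {
    uint32_t slot;              /* index into table[] */
    uint32_t offset;            /* byte offset inside the slot */
    uint32_t len;               /* number of bytes to write */
    const unsigned char *data;  /* source bytes */
};

static unsigned char table[TABLE_SLOTS][SLOT_BYTES];
static int caller_privileged = 1;   /* stand-in for capable(CAP_SYS_RAWIO) */

/* Returns 0 on success or a negative errno, as a kernel handler would. */
int slot_write(const struct slot_req *ureq)
{
    struct slot_req req;

    if (!caller_privileged)     /* who may call: says nothing about the data */
        return -EPERM;
    if (ureq == NULL)
        return -EFAULT;
    req = *ureq;                /* snapshot once, then check only the copy */

    if (req.slot >= TABLE_SLOTS)
        return -EINVAL;
    /* Compare len with the room left, so offset + len is never computed and cannot wrap. */
    if (req.offset > SLOT_BYTES || req.len > SLOT_BYTES - req.offset)
        return -EINVAL;
    if (req.len != 0 && req.data == NULL)
        return -EFAULT;
    if (req.len != 0)
        memcpy(&table[req.slot][req.offset], req.data, req.len);
    return 0;
}

int main(void)
{
    /* Constructed input: offset + len wraps to 4 in 32-bit arithmetic. */
    struct slot_req wrap = { 0, 8, 0xFFFFFFFCu, (const unsigned char *)"x" };
    return slot_write(&wrap) == -EINVAL ? 0 : 1;
}
```

A check written as `offset + len <= SLOT_BYTES` would accept the constructed request in main(), because the 32-bit sum wraps to 4.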

