netdev
[Top] [All Lists]

Re: [Coverity] Untrusted user data in kernel

To: James Morris <jmorris@xxxxxxxxxx>
Subject: Re: [Coverity] Untrusted user data in kernel
From: Tomas Carnecky <tom@xxxxxxxxxxxxx>
Date: Fri, 17 Dec 2004 14:18:52 +0100
Cc: Patrick McHardy <kaber@xxxxxxxxx>, Bryan Fulton <bryan@xxxxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx
In-reply-to: <Xine.LNX.4.44.0412170144410.12579-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
References: <Xine.LNX.4.44.0412170144410.12579-100000@xxxxxxxxxxxxxxxxxxxxxxxx>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)
James Morris wrote:
That's what I meant, you need the capability to do anything bad :-)


But.. even if you have the 'permission' to do bad things, it shouldn't be possible.

It's a bug, and only because you can't exploit it if you haven't the right capabilities doesn't make the bug disappear.

IMHO such things (passing values between user/kernel space) should always be checked.

tom

<Prev in Thread] Current Thread [Next in Thread>