|To:||Bill Davidsen <davidsen@xxxxxxx>|
|Subject:||Re: [Coverity] Untrusted user data in kernel|
|Date:||Fri, 17 Dec 2004 11:11:37 -0500 (EST)|
|Cc:||James Morris <jmorris@xxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Bryan Fulton <bryan@xxxxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx|
|References:||<41C26DD1.7070006@xxxxxxxxx> <Xine.LNX.4.44.0412170144410.12579-100000@xxxxxxxxxxxxxxxxxxxxxxxx> <41C2FF99.3020908@xxxxxxx>|
On Fri, 17 Dec 2004, Bill Davidsen wrote:
> James Morris wrote:
>> On Fri, 17 Dec 2004, Patrick McHardy wrote:
>>> James Morris wrote:
>>>> This at least needs CAP_NET_ADMIN.
>>> It is already checked in do_ip6t_set_ctl(). Otherwise anyone could replace iptables rules :)
>> That's what I meant, you need the capability to do anything bad :-)
> Are you saying that processes with capability don't make mistakes? This isn't a bug related to untrusted users doing privileged operations, it's a case of using unchecked user data.
But isn't there always the possibility of "unchecked user data"? I can, as root, do `cp /dev/zero /dev/mem` and have the most spectacular crash you've ever seen. I can even make my file-systems unrecoverable.

Cheers,
Dick Johnson
Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.