| To: | Bill Davidsen <davidsen@xxxxxxx> |
|---|---|
| Subject: | Re: [Coverity] Untrusted user data in kernel |
| From: | linux-os <linux-os@xxxxxxxxxxxxxxxxxx> |
| Date: | Fri, 17 Dec 2004 11:11:37 -0500 (EST) |
| Cc: | James Morris <jmorris@xxxxxxxxxx>, Patrick McHardy <kaber@xxxxxxxxx>, Bryan Fulton <bryan@xxxxxxxxxxxx>, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx |
| In-reply-to: | <41C2FF99.3020908@xxxxxxx> |
| References: | <41C26DD1.7070006@xxxxxxxxx> <Xine.LNX.4.44.0412170144410.12579-100000@xxxxxxxxxxxxxxxxxxxxxxxx> <41C2FF99.3020908@xxxxxxx> |
| Reply-to: | linux-os@xxxxxxxxxxxx |
| Sender: | netdev-bounce@xxxxxxxxxxx |
On Fri, 17 Dec 2004, Bill Davidsen wrote: James Morris wrote:On Fri, 17 Dec 2004, Patrick McHardy wrote:James Morris wrote:This at least needs CAP_NET_ADMIN.It is already checked in do_ip6t_set_ctl(). Otherwise anyone could replace iptables rules :)That's what I meant, you need the capability to do anything bad :-)Are you saying that processes with capability don't make mistakes? This isn't a bug related to untrusted users doing privileged operations, it's a case of using unchecked user data.
But isn't there always the possibility of "unchecked user data"?
I can, as root, do `cp /dev/zero /dev/mem` and have the most
spectacular crask you've evet seen. I can even make my file-
systems unrecoverable.
Cheers,
Dick Johnson
Penguin : Linux version 2.6.9 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.
|
| Previous by Date: | Re: primary and secondary ip addresses, Andrea G Forte |
|---|---|
| Next by Date: | Re: [Coverity] Untrusted user data in kernel, Oliver Neukum |
| Previous by Thread: | Re: [Coverity] Untrusted user data in kernel, Bill Davidsen |
| Next by Thread: | Re: [Coverity] Untrusted user data in kernel, Oliver Neukum |
| Indexes: | [Date] [Thread] [Top] [All Lists] |