From: Eli Cohen <eli@dev.mellanox.co.il>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: Eli Cohen <eli@mellanox.com>, Roland Dreier <roland@kernel.org>,
Sean Hefty <sean.hefty@intel.com>,
Hal Rosenstock <hal.rosenstock@gmail.com>,
linux-rdma@vger.kernel.org, kernel-janitors@vger.kernel.org
Subject: Re: [patch] IB/mlx5: stack info leak in mlx5_ib_alloc_ucontext()
Date: Mon, 29 Jul 2013 15:02:28 +0300 [thread overview]
Message-ID: <20130729120228.GA20064@mtldesk30> (raw)
In-Reply-To: <20130728202323.GA5053@mwanda>
On Sun, Jul 28, 2013 at 11:24:43PM +0300, Dan Carpenter wrote:
>
> First let me say that I don't know how this code is called, it may
> be root only, but even in that case I think it's still worth
> applying my patch.
It can be called by non root users as well.
>
> These info leak problems are a well known security problem so I
> didn't put a long explanation. What you do is you fill the stack
> with function pointers, then you call the function that leaks. Then
> you have a potentially useful pointer which was supposed to be
> secret. Something like that anyway.
>
> There are probably lots of other easier ways to defeat address space
> randomization. There may be other ways you can use info leaks as
> well...
>
> Anyway, regardless, static checkers and code auditors look for these
> leaks so applying the patch makes sense just to silence a warning.
>
OK, I am convinced that it's worth applying.
Acked by Eli Cohen <eli@mellanox.com>
prev parent reply other threads:[~2013-07-29 12:02 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-07-25 17:04 [patch] IB/mlx5: stack info leak in mlx5_ib_alloc_ucontext() Dan Carpenter
2013-07-28 7:23 ` Eli Cohen
2013-07-28 20:24 ` Dan Carpenter
2013-07-29 12:02 ` Eli Cohen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130729120228.GA20064@mtldesk30 \
--to=eli@dev.mellanox.co.il \
--cc=dan.carpenter@oracle.com \
--cc=eli@mellanox.com \
--cc=hal.rosenstock@gmail.com \
--cc=kernel-janitors@vger.kernel.org \
--cc=linux-rdma@vger.kernel.org \
--cc=roland@kernel.org \
--cc=sean.hefty@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox