Date: Wed, 24 Oct 2012 14:56:55 -0700
From: Andrew Morton
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, Michal Marek, Brad Spengler, PaX Team
Subject: Re: [RESEND][PATCH] gen_init_cpio: avoid stack overflow when expanding
Message-Id: <20121024145655.7db21d20.akpm@linux-foundation.org>
In-Reply-To:
References: <20121024205756.GA12419@www.outflux.net> <20121024140227.299041a9.akpm@linux-foundation.org> <20121024144442.6253965d.akpm@linux-foundation.org>

On Wed, 24 Oct 2012 14:53:33 -0700 Kees Cook wrote:

> > Well, I do think that a description of the user impact of the bug
> > should be included in the changelog so that poor old Greg can work out
> > why we sent it at him.
> >
> > If you can suggest some suitable text I can copy-n-slurp that into the
> > changelog.
>
> How about replacing the first paragraph with:
>
> Fix possible overflow of the buffer used for expanding environment
> variables when building file list. In the extremely unlikely case of
> an attacker having control over the environment variables visible to
> gen_init_cpio, control over the contents of the file gen_init_cpio
> parses, and gen_init_cpio was built without compiler hardening, the
> attacker can gain arbitrary execution control via a stack buffer
> overflow.

ooh, spiffy - even I understood that!
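The changelog text quoted above describes the class of defect (an unbounded write while expanding `${NAME}` references into a fixed-size buffer) without showing the fix. The following is an added example, not the patch under discussion and not gen_init_cpio's own code, of how such an expansion is written so that the output buffer cannot be overrun: every write is checked against the remaining capacity and an expansion that would not fit is refused rather than truncated silently. The `lookup_fn` callback and the `demo_lookup` table are assumptions introduced so the example runs against a constructed environment instead of the real process environment.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical lookup callback: returns the value for NAME, or NULL if unset. */
typedef const char *(*lookup_fn)(const char *name);

/* Append len bytes of src to out at *pos, never exceeding outsz-1 bytes so
 * that the terminating NUL always fits. Returns 0, or -1 if it would not fit. */
static int append_bounded(char *out, size_t outsz, size_t *pos,
                          const char *src, size_t len)
{
    if (len > outsz - 1 - *pos)   /* no room: refuse instead of overrunning */
        return -1;
    memcpy(out + *pos, src, len);
    *pos += len;
    return 0;
}

/* Expand ${NAME} references in `in` into `out` (capacity outsz bytes).
 * Returns 0 on success or -1 on overflow; in both cases out is NUL-terminated. */
int expand_env(const char *in, char *out, size_t outsz, lookup_fn lookup)
{
    size_t pos = 0;

    if (outsz == 0)
        return -1;

    while (*in) {
        if (in[0] == '$' && in[1] == '{') {
            const char *end = strchr(in + 2, '}');
            if (end) {
                char name[64];
                size_t nlen = (size_t)(end - (in + 2));
                const char *val;

                /* The variable name itself is copied into a bounded buffer. */
                if (nlen >= sizeof(name)) {
                    out[pos] = '\0';
                    return -1;
                }
                memcpy(name, in + 2, nlen);
                name[nlen] = '\0';

                val = lookup(name);
                if (!val)
                    val = "";   /* unset variable expands to nothing */
                if (append_bounded(out, outsz, &pos, val, strlen(val)) < 0) {
                    out[pos] = '\0';
                    return -1;
                }
                in = end + 1;
                continue;
            }
        }
        /* Ordinary byte: copied through the same bounded path. */
        if (append_bounded(out, outsz, &pos, in, 1) < 0) {
            out[pos] = '\0';
            return -1;
        }
        in++;
    }
    out[pos] = '\0';
    return 0;
}

/* Constructed environment for the demo (not the real process environment). */
static const char *demo_lookup(const char *name)
{
    static const char *const table[][2] = {
        { "KBUILD", "/build" },
        { "HUGE",   "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" }, /* 40 bytes */
    };
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (strcmp(name, table[i][0]) == 0)
            return table[i][1];
    return NULL;
}

/* Expansion that fits: returns the expanded line from a static buffer. */
const char *demo_expanded(void)
{
    static char buf[32];
    if (expand_env("file ${KBUILD}/init 0755", buf, sizeof buf, demo_lookup) < 0)
        return NULL;
    return buf;
}

/* Expansion that would overrun a 32-byte buffer: must be refused (-1). */
int demo_overflow_refused(void)
{
    char buf[32];
    return expand_env("file ${HUGE}/x", buf, sizeof buf, demo_lookup);
}

int main(void)
{
    printf("ok:       %s\n", demo_expanded());
    printf("overflow: %d\n", demo_overflow_refused());
    return 0;
}
```

The design point is that the check lives in one helper that every write goes through; the caller decides what to do with a refused line (gen_init_cpio would report the error and abort), and the output buffer is never left unterminated.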