From: Georg Lippold <georg.lippold@gmx.de>
To: Alon Bar-Lev <alon.barlev@gmail.com>
Cc: LKML <linux-kernel@vger.kernel.org>,
"H. Peter Anvin" <hpa@zytor.com>,
Jesper Juhl <jesper.juhl@gmail.com>
Subject: Re: [PATCH 1/1] 2.6.14-rc3 x86: COMMAND_LINE_SIZE
Date: Mon, 10 Oct 2005 22:36:59 +0200
Message-ID: <434AD0EB.6000405@gmx.de>
In-Reply-To: <434AB1EB.6070309@gmail.com>

Hi Alon,

Alon Bar-Lev wrote:
> For boot protocol <2.02, the kernel command line is a null-terminated
> string up to 255 characters long, plus the final null. For boot protocol
> >=2.02 command line that is referred by cmd_line_ptr is null-terminated
> string, the kernel will truncate this string if it is too large to handle.

Thus, someone could use bootloaders to "patch" the kernel: If the
bootloader writes a string of arbitrary length to some memory region,
then there is a fair chance that if you make the string just long
enough, the kernel image gets (partly) overwritten. It resembles a bit
"Smashing the stack for fun and profit", but this time, it's "Rewriting
the kernel to your own needs via the bootloader on x86" :)

Same thing for user defined COMMAND_LINE_SIZE. I think that a common
interface for boot loaders is required. Especially in uncontrolled multi
user environments like universities, everything else could lead to
undesired results.

Greetings,

Georg
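
Added example, not part of the original message or of the kernel source: the two checks this exchange turns on, written in C. The kernel-side copy truncates and always null-terminates, and the loader-side check rejects a command line that would overlap the loaded image. The value COMMAND_LINE_SIZE = 256, the function names, the sample inputs and the loader-side length cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define COMMAND_LINE_SIZE 256 /* assumed kernel buffer size for this example */

/* Bytes (including the null) the kernel will keep for a protocol version
 * encoded as 0x0202 for 2.02: fixed at 256 before 2.02, kernel-defined after. */
static size_t cmdline_limit(uint16_t proto)
{
    return proto < 0x0202 ? 256 : COMMAND_LINE_SIZE;
}

/* Kernel side: copy at most dst_size - 1 bytes and always terminate, so an
 * over-long loader string is truncated instead of overrunning dst.
 * Returns 1 if the input was truncated, 0 otherwise. */
static int copy_cmdline(char *dst, size_t dst_size, const char *src)
{
    size_t i = 0;

    if (dst_size == 0)
        return 1;
    for (; i < dst_size - 1 && src[i] != '\0'; i++)
        dst[i] = src[i];
    dst[i] = '\0';
    return src[i] != '\0';
}

/* Loader side (assumed policy): the string with its null must fit the limit
 * and must not overlap the kernel image [img, img + img_len). */
static int cmdline_placement_ok(uint32_t ptr, size_t len_with_nul,
                                uint32_t img, uint32_t img_len, uint16_t proto)
{
    uint64_t end = (uint64_t)ptr + len_with_nul;

    if (len_with_nul == 0 || len_with_nul > cmdline_limit(proto))
        return 0;
    return end <= img || ptr >= (uint64_t)img + img_len;
}

int main(void)
{
    char buf[8]; /* deliberately tiny buffer to show truncation */
    int cut = copy_cmdline(buf, sizeof buf, "root=/dev/hda1 ro"); /* constructed input */

    printf("%s (truncated=%d)\n", buf, cut);
    /* constructed addresses: a 0x100-byte string that runs into the image start */
    printf("%d\n", cmdline_placement_ok(0x0FFF80, 0x100, 0x100000, 0x200000, 0x0202));
    return 0;
}
```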