public inbox for linux-kernel@vger.kernel.org
From: Yi Yang <yang.y.yi@gmail.com>
To: Coywolf Qi Hunt <coywolf@gmail.com>
Cc: linux-kernel@vger.kernel.org, torvalds@osdl.org, gregkh@suse.de,
	akpm@osdl.org
Subject: Re: [PATCH] Fix user data corrupted by old value return of sysctl
Date: Wed, 04 Jan 2006 09:41:02 +0800
Message-ID: <43BB27AE.3040200@gmail.com>
In-Reply-To: <2cd57c900512310144o4aafd05en@mail.gmail.com>

Coywolf Qi Hunt wrote:

>2005/12/31, Yi Yang <yang.y.yi@gmail.com>:
>
>>Coywolf Qi Hunt wrote:
>>
>>>You didn't set the trailing '\0', I wonder how your printf did work
>>>properly ever. You've just been lucky or something.
>>>
>>>-- Coywolf
>>>
>>The variable target does it, its value is 0x00000001, so you mustn't
>>worry it.
>>osname only has 4-bytes space, so if you set '\0' to its tail, a byte
>>information will be lost.
>>
>
>I'm worrying more. We should set '\0'. Let the one byte information
>lost, the caller deserve that. Actually here printf sees "mylo"+'\01'
>if little endian.
>
I want to remind you that my program is an example to verify this bug. It
can run correctly on both little-endian and big-endian computers, because
the variable target is 0x00000001 or 0x00000000; it sets 0 to the tail
of osname. Only a byte '\01' isn't expected for little-endian, but my
program really can run correctly.

For compatibility, you needn't worry; you can try the application 'sysctl -a'.

This bug is very serious as far as security is concerned, so it is
necessary. The kernel shouldn't corrupt the user data no matter what the
reason is. If the user provides more space, Linus's patch has set 0 to
the tail, but if the user space is not enough, setting 0 to the tail is
not necessary, because a user-mode application should do it by itself
and not depend on the kernel.

>Linus, besides fixing bug, your commit certainly breaks userland
>compatibility. Please consider.
>--
>Coywolf Qi Hunt
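
The buffer layout argued over in this message, as an added C example that is not code from the thread or from the kernel: `copy_oldval` is a hypothetical stand-in for a length-bounded copy that adds no terminator when the buffer is too small, and `"mylongname"` is a constructed value. It shows that a 4-byte `osname` is terminated only by whatever byte happens to follow it, next to a caller-side read that terminates explicitly.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a length-bounded "old value" copy: writes at most
 * buflen bytes of src, adds no terminator, returns the bytes written. */
static size_t copy_oldval(char *buf, size_t buflen, const char *src)
{
    size_t n = strlen(src);
    if (n > buflen)
        n = buflen;
    memcpy(buf, src, n);
    return n;
}

/* Layout discussed in the thread: a 4-byte osname followed by an int. */
struct caller_vars { char osname[4]; int target; };

/* Index of the first zero byte counted from osname, searching only inside
 * the struct; -1 if the struct contains no zero byte at all. */
static long apparent_len(const struct caller_vars *v)
{
    const unsigned char *p = (const unsigned char *)v;
    const unsigned char *z = memchr(p, 0, sizeof *v);
    return z ? (long)(z - p) : -1;
}

/* Caller-side handling: reserve one byte and terminate explicitly, so the
 * result is a valid C string whatever follows it. Returns 1 if truncated. */
static int read_string_value(char *buf, size_t bufsize, const char *src)
{
    size_t n;
    if (bufsize == 0)
        return 1;
    n = copy_oldval(buf, bufsize - 1, src);
    buf[n] = '\0';
    return strlen(src) > n;
}

int main(void)
{
    struct caller_vars v = { {0}, 1 };
    char name[4];
    copy_oldval(v.osname, sizeof v.osname, "mylongname"); /* constructed value */
    printf("apparent length next to target=1: %ld\n", apparent_len(&v));
    printf("truncated=%d value=%s\n",
           read_string_value(name, sizeof name, "mylongname"), name);
    return 0;
}
```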

