From: cjw44@flatline.org.uk (Colin Watson)
To: Linux Kernel List <linux-kernel@vger.kernel.org>
Subject: Re: How to mount /proc/sys/fs/binfmt_misc ?
Date: Mon, 19 Mar 2001 19:29:29 +0000 [thread overview]
Message-ID: <E14f5LN-0005Go-00@riva.ucam.org> (raw)
In-Reply-To: <Pine.GSO.4.21.0103161335240.12618-100000@weyl.math.psu.edu>
In-Reply-To: <Pine.GSO.4.21.0103161335240.12618-100000@weyl.math.psu.edu>
Alexander Viro <viro@math.psu.edu> wrote:
>Seriously, binfmt_misc.c was written in rather, erm, interesting C.
>Read it and you'll see. Just one (but rather impressive) example:
>
> if ((count == 1) && !(buffer[0] & ~('0' | '1'))) {
>
>It was meant to be
>
> if (count == 1 && (buffer[0] == '0' || buffer[0] == '1')) {
>
>and anyone who can't find the difference really should learn C. And
>that's not the only bogosity of such level. Besides, the thing is
>trivially oopsable - write() to any file in binfmt_misc with buffer
>pointing to unmapped kernel address and you are screwed,
Or you can register binfmt names that are registered already and
silently shadow old ones, or register names like 'register', 'status',
'.', and '..'. It's hideous to manage reliably from userspace.
--
Colin Watson [cjw44@flatline.org.uk]
next prev parent reply other threads:[~2001-03-19 19:22 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-03-16 15:23 How to mount /proc/sys/fs/binfmt_misc ? Wayne.Brown
2001-03-16 15:37 ` Alexander Viro
2001-03-16 17:49 ` Richard Guenther
2001-03-16 17:58 ` Alexander Viro
2001-03-16 18:07 ` Alexander Viro
2001-03-16 18:32 ` David Weinehall
2001-03-16 18:48 ` Alexander Viro
2001-03-19 19:29 ` Colin Watson [this message]
2001-03-20 10:12 ` Richard Guenther
2001-03-22 18:28 ` Colin Watson
2001-03-22 19:07 ` Alexander Viro
2001-03-23 9:34 ` Richard Guenther
2001-03-21 19:18 ` Alan Cox
2001-03-16 16:02 ` Thomas Dodd
-- strict thread matches above, loose matches on Subject: below --
2001-03-16 16:12 Wayne.Brown
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=E14f5LN-0005Go-00@riva.ucam.org \
--to=cjw44@flatline.org.uk \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox