From: Chris Wright <chrisw@osdl.org>
To: Max Krasnyansky <maxk@qualcomm.com>
Cc: Chris Wright <chrisw@osdl.org>,
maximilian attems <janitor@sternwelten.at>,
netdev@oss.sgi.com
Subject: Re: [PATCH 1/5] tun check error on memcpy_fromiovec
Date: Thu, 22 Jan 2004 18:13:53 -0800 [thread overview]
Message-ID: <20040122181353.J2962@osdlab.pdx.osdl.net> (raw)
In-Reply-To: <1074718162.1707.194.camel@localhost>; from maxk@qualcomm.com on Wed, Jan 21, 2004 at 12:49:23PM -0800
* Max Krasnyansky (maxk@qualcomm.com) wrote:
> On Fri, 2004-01-16 at 16:45, Chris Wright wrote:
> > I specifically left those alone. They have a semi-bogus verify_area()
> > call that is trying to insure the memcpy_fromiovec won't EFAULT. I'd
> > prefer to remove them and simply do memcpy checking.
>
> Please don't add extra unneeded checks or fix stuff that does not need
> to be fixed. Verify area is not bogus. We need to know total length of
> the iovec so we might as well check it in the same loop and not bother
> with checking later.
Yes, I realize it's used to collect total length. But it does not protect
from userspace controlled buffer whose contents can change. Continuing
when a fault is possible means the skb->data could be zero'd. However,
since this is intended to be 0700 root owned device, and the user could
supply same such data directly, it's of fairly low priority to patch.
thanks,
-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net
prev parent reply other threads:[~2004-01-23 2:13 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-12-09 4:23 [PATCH 1/4] ax25 check error on memcpy_fromiovec Chris Wright
2003-12-09 4:24 ` [PATCH 2/4] irda " Chris Wright
2003-12-09 4:25 ` [PATCH 3/4] netrom " Chris Wright
2003-12-09 4:27 ` [PATCH 4/4] rose " Chris Wright
2003-12-09 5:39 ` [PATCH 1/4] ax25 " David S. Miller
2003-12-09 5:41 ` Chris Wright
2003-12-19 10:34 ` [PATCH 1/5] tun " maximilian attems
2003-12-19 14:23 ` Jeff Garzik
2004-01-17 0:45 ` Chris Wright
2004-01-21 20:49 ` Max Krasnyansky
2004-01-23 2:13 ` Chris Wright [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20040122181353.J2962@osdlab.pdx.osdl.net \
--to=chrisw@osdl.org \
--cc=janitor@sternwelten.at \
--cc=maxk@qualcomm.com \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).