From: David Miller <davem@davemloft.net>
To: torvalds@linux-foundation.org
Cc: drosenberg@vsecurity.com, jon.maloy@ericsson.com,
allan.stephens@windriver.com, netdev@vger.kernel.org,
security@kernel.org
Subject: Re: [Security] TIPC security issues
Date: Wed, 27 Oct 2010 10:29:40 -0700 (PDT) [thread overview]
Message-ID: <20101027.102940.112580564.davem@davemloft.net> (raw)
In-Reply-To: <AANLkTi=V93A660+YS8C2TvC13kGUcJpFgjPHUvONd_WW@mail.gmail.com>
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Thu, 21 Oct 2010 17:31:12 -0700
> Something like the appended UNTESTED patch. NOTE! it actually makes
> "verify_iovec()" *change* the iovec if it grows too big.
Ok I thought a bit about this patch.
How we can behave here depends upon the socket type.
For example, for a stream socket such as TCP a partial write is OK and
we could truncate the iovec like this. That's fine.
But for a datagram socket, we have to have a one-to-one correspondance
between write() calls and packets on the wire. So we'd either need to
accept the entire write() length or fail it with an error.
verify_iovec() (currently) doesn't have the socket type information
available, so it's not able to key off of that right now.
I agree that cutting off these cases at a high level would be the
thing to do long term, but right now verify_iovec() isn't positioned
such that we can do it just yet.
For now I'm going to look into specifically fixing the TIPC case and
also think longer term about another way to address this at a high
level.
next prev parent reply other threads:[~2010-10-27 17:29 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-21 23:45 TIPC security issues Dan Rosenberg
2010-10-22 0:31 ` [Security] " Linus Torvalds
2010-10-25 2:14 ` David Miller
2010-10-25 3:42 ` Linus Torvalds
2010-10-25 5:28 ` David Miller
2010-10-27 17:29 ` David Miller [this message]
2010-10-27 17:37 ` Linus Torvalds
2010-10-27 17:50 ` David Miller
2010-10-27 18:26 ` Dan Rosenberg
2010-10-27 18:34 ` David Miller
2010-10-27 18:51 ` Linus Torvalds
2010-10-27 19:27 ` David Miller
2010-10-28 15:32 ` Linus Torvalds
2010-10-28 18:45 ` Andy Grover
2010-10-28 18:49 ` David Miller
2010-10-27 18:27 ` Paul Gortmaker
2010-10-27 18:35 ` David Miller
2010-10-27 19:00 ` Paul Gortmaker
2010-10-28 19:51 ` Paul Gortmaker
2010-10-22 13:49 ` Jon Maloy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101027.102940.112580564.davem@davemloft.net \
--to=davem@davemloft.net \
--cc=allan.stephens@windriver.com \
--cc=drosenberg@vsecurity.com \
--cc=jon.maloy@ericsson.com \
--cc=netdev@vger.kernel.org \
--cc=security@kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).