Re: Linux-2.4.30-hf3

> Huh? I fail to see how that one is exploitable, given that no in-tree callers 
> should pass "tty" as NULL to any of the affected functions (that is impossible, 
> AFAICS).
> 
> No? Julien?

That's correct, this one doesn't seem to be exploitable.

What I said is that the bug "class" (null pointer dereference) must not
be seen as potential oopses and denial of service.
As the first page is mappable, that can allow a user to gain control
over some kernel data.


> Well, it requires root privileges:

> +    if (!len) return -EINVAL;> 
>      if ( !suser () ) return -EPERM;   <---------------
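
Review bot: the new `!len` check sits above the `suser()` check, so an unprivileged caller passing a zero length gets -EINVAL instead of -EPERM; consider moving it below the permission check so argument validation only runs for callers that pass it. As a style point, the `return -EINVAL;` would normally go on its own line under the `if`.
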
> 
> So, it's "safe".

Well, it's certainly not the worst bug ever, but root shouldn't be able
to gain control over the kernel that way.
There are security models where root shouldn't have that power: for
example with SELinux, LIDS, RSBAC, GRsecurity you can have such a model
where being root is not enough to gain control over the kernel.

Ok, the access control system should maybe prevent most processes from
accessing mtrrs as well anyway ;)