Re: [stable] [patch 1/1] sys_get_thread_area does not clear the returned argument

* [email protected] ([email protected]) wrote:
> 
> From: Blaisorblade <[email protected]>
> CC: <[email protected]>
> 
> sys_get_thread_area does not memset to 0 its struct user_desc info before
> copying it to user space...  since sizeof(struct user_desc) is 16 while the
> actual datas which are filled are only 12 bytes + 9 bits (across the
> bitfields), there is a (small) information leak.
> 
> This was already committed to Linus' repository.

Thanks, queued to -stable.
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

References:
- [patch 1/1] sys_get_thread_area does not clear the returned argument
  - From: [email protected]

Prev by Date: Re: [PATCH] Fix cryptoapi deflate not handling PAGE_SIZE chunks.
Next by Date: Re: "seeing minute plus hangs during boot" - 2.6.12 and 2.6.13
Previous by thread: [patch 1/1] sys_get_thread_area does not clear the returned argument
Next by thread: [patch 3/3] uml: fix SIGWINCH handler race while waiting for signals.
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind]