Coywolf Qi Hunt wrote:
2005/12/31, Yi Yang <[email protected]>:
Coywolf Qi Hunt wrote:
You didn't set the trailing '\0', I wonder how your printf did work
properly ever. You've just been lucky or something.
-- Coywolf
The variable target does it, its value is 0x00000001, so you mustn't
worry it.
osname only has 4-bytes space, so if you set '\0' to its tail, a byte
information will be lost.
I'm worrying more. We should set '\0'. Let the one byte information
lost, the caller deserve that. Actually here printf sees "mylo"+'\01'
if little endian.
I want to remind of you, my program is an example to verify this bug, it
can run on both little-endian and big-endian computer correctly, because
the variable target is 0x00000001 or 0x00000000, it sets 0 to the tail
of osname, only a byte '\01' isn't expected for little-endian, but my
program really can run correctly.
For compatibility, you don't worry, you can try the application 'sysctl -a'.
This bug is very serious as far as security is concerned, so it is
necessary, the kernel shouldn't corrupt the user data no matter what the
reason is, if the user provides more space, Linus's patch has set 0 to
the tail, but if the user space is not enough, to set 0 to the tail is
not necessary, because a user mode application should do it by itself,
but not depends on kernel.
Linus, besides fixing bug, your commit certainly breaks userland
compatibility. Please consider.
--
Coywolf Qi Hunt
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
