On Sat, Feb 04, 2006 at 12:57:28AM +1030, Glen Turner wrote:
>
> Hi Russell,
>
> Thanks for your response.
>
> > A normal user can't produce arbitarily formatted
> > kernel messages
>
> They don't need to provide an entire message, just a
> AT string (a vector which a user could control
> could be a volume label on removable media).
So?
My point stands - if the user can provide an arbitary string to printk,
they can fake any kernel message. That in itself is a security bug.
If there is an instance of that, then that's the real bug which would
need fixing.
Once those bugs have been fixed, your claimed bug is also magically
fixed.
--
Russell King
Linux kernel 2.6 ARM Linux - http://www.arm.linux.org.uk/
maintainer of: 2.6 Serial core
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
