On Fri, Feb 03, 2006 at 06:46:24PM +0100, Krzysztof Halasa wrote:
> Russell King <[email protected]> writes:
>
> > My point stands - if the user can provide an arbitary string to printk,
> > they can fake any kernel message. That in itself is a security bug.
> > If there is an instance of that, then that's the real bug which would
> > need fixing.
>
> I think the AT problem is valid - the user doesn't have to be able to
> send anything to the console, the system alone can screw it up with
> something as simple as ATZ^M (or with almost any string with embedded
> [aA][tT].*^M).
Stop throwing FUD into this issue. The original claim was that a
non-root user could send arbitary strings via the console system.
This was an independent claim from the other issues.
--
Russell King
Linux kernel 2.6 ARM Linux - http://www.arm.linux.org.uk/
maintainer of: 2.6 Serial core
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]