Re: old buffer overflow in moxa driver

> > At the point you abuse these calls you can already just load arbitary
> > data from userspace anyway.
> 
> So the possible exploit will only work when run by root, is that what you 
> mean? If so isn't that still a security problem?

To exploit the hole you need CAP_SYS_RAWIO which is the highest
capability of all. CAP_SYS_RAWIO gives you the ability to access hardware
directly so since it checks for CAP_SYS_RAWIO it isn't security.

The patch isn't wrong however and adds some sanity checking so it would
do no harm to send it to Andrew for -mm testing.

Alan
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: old buffer overflow in moxa driver
  - From: "Jiri Slaby" <[email protected]>

References:
- old buffer overflow in moxa driver
  - From: dann frazier <[email protected]>
- Re: old buffer overflow in moxa driver
  - From: Alan Cox <[email protected]>
- Re: old buffer overflow in moxa driver
  - From: Ismail Dönmez <[email protected]>

Prev by Date: Re: SCSI discover order strangeness [Bug 8412] New: CONFIG_MOUSE_PS2 makes RAID detection fail
Next by Date: Re: nfsd/md patches Re: 2.6.22 -mm merge plans
Previous by thread: Re: old buffer overflow in moxa driver
Next by thread: Re: old buffer overflow in moxa driver
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]