Alan Cox napsal(a): >> I noticed that the moxa input checking security bug described by >> CVE-2005-0504 appears to remain unfixed upstream. >> >> The issue is described here: >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504 >> >> Debian has been shipping the following patch from Andres Salomon. I >> tried contacting the listed maintainer a few months ago but received >> no response. > > > case MOXA_LOAD_BIOS: > case MOXA_FIND_BOARD: > case MOXA_LOAD_C320B: > case MOXA_LOAD_CODE: > if (!capable(CAP_SYS_RAWIO)) > return -EPERM; > break; > > At the point you abuse these calls you can already just load arbitary > data from userspace anyway.
The problem is that we BUG_ON, when len < 0 in copy_from_user which is unlikely something we want to cause? regards, -- http://www.fi.muni.cz/~xslaby/ Jiri Slaby faculty of informatics, masaryk university, brno, cz e-mail: jirislaby gmail com, gpg pubkey fingerprint: B674 9967 0407 CE62 ACC8 22A0 32CC 55C3 39D4 7A7E - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/