On Fri, 2014-10-24 at 13:55 +1100, James Morris wrote: > On Thu, 23 Oct 2014, Dmitry Kasatkin wrote: > > > ima_inode_setxattr() can be called with no value. Function does not > > check the length so that following command can be used to produce > > kernel oops: setfattr -n security.ima FOO. This patch fixes it. > > I'd like to see more review/acks on this before sending it to Linus. > > Mimi?
This fixes the oops, but a more complete solution would at least test the first byte, verifying that it is valid. As previously described http://sourceforge.net/p/linux-ima/mailman/message/32958242/ I think we can do better than this. Mimi > > > -- > James Morris > <jmor...@namei.org> > > -- > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
