> Indeed; the bug in the uuid_strategy which you pointed out in the
> random driver wasn't caused by the fact that we were using a
> user-specified length (since the length was being capped to a maximum
> value of 16). The security bug was that the test was done on a signed
> value, and copy_to_u
On Mon, Jun 04, 2001 at 08:20:01AM -0400, Hank Leininger wrote:
> On 2001-06-03, Dawson Engler <[EMAIL PROTECTED]> wrote:
>
> > Additionally, do people have suggestions for good security rules?
> > We're looking to expand our security checkers. Right now we just have
> > checkers that warn when:
Alan Cox <[EMAIL PROTECTED]> writes:
> n /u2/engler/mc/oses/linux/2.4.5-ac4/drivers/char/random.c:1813:uuid_strategy:
>ERROR:RANGE:1809:1813: Using user length "len" as argument to "copy_to_user"
>[type=LOCAL] set by 'get_user':1813
>
> Sigh I thought I had all of the sysctl ones
BTW uuid_str
On 2001-06-03, Dawson Engler <[EMAIL PROTECTED]> wrote:
> Additionally, do people have suggestions for good security rules?
> We're looking to expand our security checkers. Right now we just have
> checkers that warn when:
Do you already have checks for signed/unsigned issues? Those often resu
Hi All,
Enclosed is a potential security hole in 2.4.5-ac where an integer from
user space is used as a length argument to copy_to_user.
Additionally, do people have suggestions for good security rules?
We're looking to expand our security checkers. Right now we just have
checkers that warn whe
5 matches
Mail list logo