Incorrect use IPCB in icmp_send code
Hello! icmp_send routine calls ip_option_echo, which uses IPCB to take skbuff compiled IP options. But icmp_send could be called from TCP level too (security_sock_rcv_skb - cipso_v4_error for INET stream connection, for example). After moving IP header data to the end of the struct tcp_skb_cb, this could lead to memory corruption when IP options copying. Thanks.
Re: [PATCH v2 1/1] OverlayFS: Fix checking permissions during lookup.
26.02.2016, 22:41, "Vivek Goyal" : > > So what's the problem we are trying to solve. Why should we able to > override the DAC checks of lower layer if same directory in upper > is searchable for user but it is not searchable in lower layer. > If I right, this is a one of the main feature of overlayfs - upper layer has priority over lower ones. Override AC checks necessary for lookup operation only. Lower layer files access AC checks remain, so this should not be a security problem. Sergey.