On Thu, 2007-11-08 at 23:20 -0600, Lin Tan wrote:
> Seems that an unauthorized user can send file through sockets due to
> the following missing check errors.
>
> There is not security_file_permission() check from sys_splice(),
> which can invoke sock_sendpage(). The call chain is as follows.
Seems that an unauthorized user can send file through sockets due to
the following missing check errors.
There is not security_file_permission() check from sys_splice(),
which can invoke sock_sendpage(). The call chain is as follows.
sys_splice -> do_splice -> do_splice_from -> generic_splice
