Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / 21c5977a836e399fc710ff2c5367845ed5c2527f
commit21c5977a836e399fc710ff2c5367845ed5c2527f[log] [tgz]
authorDan Rosenberg <drosenberg@vsecurity.com>Wed Jun 15 15:09:01 2011 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>Wed Jun 15 20:04:02 2011 -0700
tree7258368ce3cfb107ed83d05ac4f7f8b547d47e23
parentec8f9ceacef719a844ca269d654502af6a00a273 [diff]
alpha: fix several security issues

Fix several security issues in Alpha-specific syscalls.  Untested, but
mostly trivial.

1. Signedness issue in osf_getdomainname allows copying out-of-bounds
kernel memory to userland.

2. Signedness issue in osf_sysinfo allows copying large amounts of
kernel memory to userland.

3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy
size, allowing copying large amounts of kernel memory to userland.

4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows
privilege escalation via writing return value of sys_wait4 to kernel
memory.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 file changed
tree: 7258368ce3cfb107ed83d05ac4f7f8b547d47e23
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS