Jiri Slaby wrote: > Alan Cox napsal(a): >>> I noticed that the moxa input checking security bug described by >>> CVE-2005-0504 appears to remain unfixed upstream. >>> >>> The issue is described here: >>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0504 >>> >>> Debian has been shipping the following patch from Andres Salomon. I >>> tried contacting the listed maintainer a few months ago but received >>> no response. >> >> case MOXA_LOAD_BIOS: >> case MOXA_FIND_BOARD: >> case MOXA_LOAD_C320B: >> case MOXA_LOAD_CODE: >> if (!capable(CAP_SYS_RAWIO)) >> return -EPERM; >> break; >> >> At the point you abuse these calls you can already just load arbitary >> data from userspace anyway. > > The problem is that we BUG_ON, when len < 0 in copy_from_user which is > unlikely > something we want to cause? > > regards,
Right; the lack of input checking is most definitely a bug. It's no longer a security issue, as a CAP_SYS_RAWIO check was added at some point to the code path, but it's still a bug. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
