James Morris wrote:
> The patch below fixes a problem in the iptables SECMARK target, where the 
> user-supplied 'selctx' string may not be nul-terminated.
> 
> From initial analysis, it seems that the strlen() called from 
> selinux_string_to_sid() could run until it arbitrarily finds a zero, and 
> possibly cause a kernel oops before then.
> 
> The impact of this appears limited because the operation requires 
> CAP_NET_ADMIN, which is essentially always root.  Also, the module is not 
> yet in wide use.
> 
> Please apply.
> 
> Note: some other iptables modules which handle strings supplied from 
> userspace may require a similar fix (e.g. xt_string looks suspect at first 
> glance).


I'll look into these, but it won't be the last of these problems. At the
last netfilter workshop Rusty spent some time figuring out "how many
iptables crashes (triggered by root) can I find in a few minutes", and
it was quite a lot. So far we've hoped for pkttables to make everything
better, but it looks like things like OpenVZ will beat us.
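A userspace model of the check the quoted patch describes, added here as an example that is not part of the thread or of the kernel patch: the struct, SELCTX_MAX and the sample contexts are constructed stand-ins for the real xt_SECMARK target info, and the point shown is that an unterminated selctx is rejected at rule-load time before any strlen() can be reached.

```c
/* Added example (not the kernel's code): validating a fixed-size,
 * userspace-supplied string field before any strlen()-style call on it.
 * Struct and SELCTX_MAX are constructed stand-ins, not copied from the kernel. */
#include <stdio.h>
#include <string.h>

#define SELCTX_MAX 256  /* constructed capacity of the selctx field */
/* Constructed model of the target's userspace-supplied parameter block. */
struct secmark_info {
    char selctx[SELCTX_MAX];
};
/* 1 when selctx contains a nul terminator inside its capacity, so a later
 * strlen()/selinux_string_to_sid()-style call stays within the field;
 * 0 when the field is unterminated and must be rejected. */
int selctx_is_terminated(const struct secmark_info *info)
{
    return memchr(info->selctx, '\0', SELCTX_MAX) != NULL;
}
/* checkentry-style validation: reject unterminated input when the rule is
 * loaded. Returns the context length, or -1 (EINVAL in kernel terms). */
int secmark_checkentry(const struct secmark_info *info)
{
    if (!selctx_is_terminated(info))
        return -1;
    return (int)strlen(info->selctx);   /* safe only after the check above */
}
/* Constructed well-formed input: a context terminated inside the field. */
int check_terminated_sample(void)
{
    struct secmark_info info;
    memset(&info, 0, sizeof info);
    strcpy(info.selctx, "system_u:object_r:httpd_packet_t:s0");
    return secmark_checkentry(&info);
}
/* Constructed malformed input: every byte non-zero, no terminator at all. */
int check_unterminated_sample(void)
{
    struct secmark_info info;
    memset(info.selctx, 'A', SELCTX_MAX);
    return secmark_checkentry(&info);
}

int main(void)
{
    printf("terminated:   %d\n", check_terminated_sample());   /* 35 */
    printf("unterminated: %d\n", check_unterminated_sample()); /* -1 */
    return 0;
}
```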
