> I'd consider it "system internal", not visible to the user and hence 7-Bit
> must suffice. I also strongly agree with Keith: treating strings that come
> from the kernel as tainted is weird at least.
I would consider it to be an arbitary 8bit bytesequence. Fix the user space
-
To unsubscribe f
>> >> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
>>
Francis> Just in case... Some modules have uppercase letters too :)
>> That's what the &0xdf is intended for...
Jah, Bummer from my side; use "|0x20" instead. But as discussed, isalnum()
does the perfect job, for
Keith Owens wrote:
>
> On 15 Nov 2000 22:04:47 -0800,
> "H. Peter Anvin" <[EMAIL PROTECTED]> wrote:
> >No, it's correct, actually, but probably not what you want. It will
> >include all letters [A-Za-z], but if a module named "ärlig"...
>
> Trying to sanitise the module name in request_module i
On 15 Nov 2000 22:04:47 -0800,
"H. Peter Anvin" <[EMAIL PROTECTED]> wrote:
>No, it's correct, actually, but probably not what you want. It will
>include all letters [A-Za-z], but if a module named "ärlig"...
Trying to sanitise the module name in request_module is the wrong fix
anyway, the kerne
Followup to: <[EMAIL PROTECTED]>
By author:Alan Cox <[EMAIL PROTECTED]>
In newsgroup: linux.dev.kernel
>
> > >> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
> >
> > Francis> Just in case... Some modules have uppercase letters too :)
> >
> > That's what the &0xdf is inte
> >> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
>
> Francis> Just in case... Some modules have uppercase letters too :)
>
> That's what the &0xdf is intended for...
That looks wrong for UTF8 which is technically what the kernel uses 8)
-
To unsubscribe from this list: sen
Daniel Phillips <[EMAIL PROTECTED]> said:
[...]
> Heading in the right direction, but this is equivalent to:
>
> if (isalnum(*p) && *p != '-' && *p != '_') return -EINVAL;
>
> which is faster, smaller and easier to read.
And wrong. ;-)
--
Horst von Brand [EMAIL P
Daniel,
At 09:23 AM 11/14/00, you wrote:
I reserve the right to make coding errors, thanks for not letting it get
written into history :-)
I'm not going to give up my right to make errors until I'm ready to give up
my keyboard. I'll probably be pushing up daisies at that point in my life.
Ho
On Tue, 14 Nov 2000, David Relson wrote:
> At 06:29 AM 11/14/00, Daniel Phillips wrote:
>
> >Heading in the right direction, but this is equivalent to:
> >
> > if (isalnum(*p) && *p != '-' && *p != '_') return -EINVAL;
> >
> >which is faster, smaller and easier to read.
>
> Almost right, but y
[EMAIL PROTECTED] said:
> Someone could make it a bit smaller by patching fs/jffs/interp.c and
> arch/ppc/xmon/xmon.c to use the kernel lib, rather than their own
> versions.
Makes sense to me. Patch attached. As an added bonus, this patch (not the
ctype change) also speeds up JFFS mounting by
[EMAIL PROTECTED] (Torsten Duwe) writes:
> Chris Evans <[EMAIL PROTECTED]> writes:
> > What's wrong with isalnum() ?
>
> Hm, must admit that I wasn't 100% sure if that's in the kernel lib or an evil
> gcc expands it inline to some static array lookup. Now I see that it's
> already in the kernel.
On Tue, 14 Nov 2000, Jakub Jelinek wrote:
> > Rather than add sanity checking to modprobe, it would be a lot easier
> > and safer from a security audit point of view to have the kernel call
> > /sbin/kmodprobe instead of /sbin/modprobe. Then kmodprobe can sanitise
> > all the data and exec the r
Peter Samuelson wrote:
>
> [Torsten Duwe]
> > > "Francis" == Francis Galiegue <[EMAIL PROTECTED]> writes:
> >
> > >> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
> >
> > Francis> Just in case... Some modules have uppercase letters too :)
> >
> > That's what the &0xdf is i
On Tue, 14 Nov 2000 10:42:41 +,
Malcolm Beattie <[EMAIL PROTECTED]> wrote:
>Keith Owens writes:
>> All these patches against request_module are attacking the problem at
>> the wrong point. The kernel can request any module name it likes,
>> using any string it likes, as long as the kernel ge
On Tue, Nov 14, 2000 at 10:42:41AM +, Malcolm Beattie wrote:
> Keith Owens writes:
> > All these patches against request_module are attacking the problem at
> > the wrong point. The kernel can request any module name it likes,
> > using any string it likes, as long as the kernel generates the
Keith Owens writes:
> All these patches against request_module are attacking the problem at
> the wrong point. The kernel can request any module name it likes,
> using any string it likes, as long as the kernel generates the name.
> The real problem is when the kernel blindly accepts some user in
Keith Owens <[EMAIL PROTECTED]> writes:
> All these patches against request_module are attacking the problem at
> the wrong point.
Agreed.
> The kernel can request any module name it likes, using any string it
> likes, as long as the kernel generates the name. The real problem
> is when the ke
On Mon, 13 Nov 2000 23:02:10 -0600,
Peter Samuelson <[EMAIL PROTECTED]> wrote:
>
>[Torsten Duwe]
>> +for (p = module_name; *p; p++)
>> +{
>> + if (isalnum(*p) || *p == '_' || *p == '-')
>> +continue;
>> +
>> + return -EINVAL;
>> +}
>
>I think you just broke at least
[Torsten Duwe]
> + for (p = module_name; *p; p++)
> + {
> + if (isalnum(*p) || *p == '_' || *p == '-')
> + continue;
> +
> + return -EINVAL;
> + }
I think you just broke at least some versions of devfs. I don't
remember if the feature is still around, but I know
Chris Evans <[EMAIL PROTECTED]> said:
> On Mon, 13 Nov 2000, Torsten Duwe wrote:
> > > "Francis" == Francis Galiegue <[EMAIL PROTECTED]> writes:
> >
> > >> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
> >
> > Francis> Just in case... Some modules have uppercase letters t
[Torsten Duwe]
> > "Francis" == Francis Galiegue <[EMAIL PROTECTED]> writes:
>
> >> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
>
> Francis> Just in case... Some modules have uppercase letters too :)
>
> That's what the &0xdf is intended for...
It's wrong, then: you'
> "Chris" == Chris Evans <[EMAIL PROTECTED]> writes:
Chris> What's wrong with isalnum() ?
Hm, must admit that I wasn't 100% sure if that's in the kernel lib or an evil
gcc expands it inline to some static array lookup. Now I see that it's
already in the kernel. Do some of you also someti
On Mon, Nov 13, 2000 at 04:56:40PM +, Chris Evans wrote:
>
> On Mon, 13 Nov 2000, Torsten Duwe wrote:
>
> Code in a security sensitive area needs to be crystal clear.
>
> What's wrong with isalnum() ?
>
What about this then ?
--- kmod.c.orig Sat Nov 4 20:02:11 2000
+++ kmod.c Mon
On Mon, 13 Nov 2000, Torsten Duwe wrote:
> > "Francis" == Francis Galiegue <[EMAIL PROTECTED]> writes:
>
> >> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
>
> Francis> Just in case... Some modules have uppercase letters too :)
>
> That's what the &0xdf is intended for
> "Francis" == Francis Galiegue <[EMAIL PROTECTED]> writes:
>> + if ((*p & 0xdf) >= 'a' && (*p & 0xdf) <= 'z') continue;
Francis> Just in case... Some modules have uppercase letters too :)
That's what the &0xdf is intended for...
Torsten
-
To unsubscribe from this list: sen
On Mon, 13 Nov 2000, Torsten Duwe wrote:
>
> --- linux/kernel/kmod.c.orig Tue Sep 26 01:18:55 2000
> +++ linux/kernel/kmod.c Mon Nov 13 16:57:02 2000
> @@ -168,6 +168,22 @@
> static atomic_t kmod_concurrent = ATOMIC_INIT(0);
> #define MAX_KMOD_CONCURRENT 50 /* Completely arbi
>>>>> "Gregory" == Gregory Maxwell <[EMAIL PROTECTED]> writes:
Gregory> After seeing the modprobe local root exploit today, I asked
Gregory> myself why kmod executes modprobe with full root and doesn't
Gregory> drop some capabilities fi
After seeing the modprobe local root exploit today, I asked myself why
kmod executes modprobe with full root and doesn't drop some capabilities
first.
Why? It wouldn't close the hole, but it would narrow it down.
-
To unsubscribe from this list: send the line "unsubscribe linux
28 matches
Mail list logo
