diff options
author | Dan Rosenberg <drosenberg@vsecurity.com> | 2011-06-15 15:09:01 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-06-15 20:04:02 -0700 |
commit | 21c5977a836e399fc710ff2c5367845ed5c2527f (patch) | |
tree | 7258368ce3cfb107ed83d05ac4f7f8b547d47e23 /kernel/signal.c | |
parent | ec8f9ceacef719a844ca269d654502af6a00a273 (diff) | |
download | lwn-21c5977a836e399fc710ff2c5367845ed5c2527f.tar.gz lwn-21c5977a836e399fc710ff2c5367845ed5c2527f.zip |
alpha: fix several security issues
Fix several security issues in Alpha-specific syscalls. Untested, but
mostly trivial.
1. Signedness issue in osf_getdomainname allows copying out-of-bounds
kernel memory to userland.
2. Signedness issue in osf_sysinfo allows copying large amounts of
kernel memory to userland.
3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy
size, allowing copying large amounts of kernel memory to userland.
4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows
privilege escalation via writing return value of sys_wait4 to kernel
memory.
Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru>
Cc: Matt Turner <mattst88@gmail.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel/signal.c')
0 files changed, 0 insertions, 0 deletions