[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
kern/39559: veriexec(4): too easy to cause a NULL dereference through it in kernel
>Synopsis: veriexec(4): too easy to cause a NULL dereference through it
>Arrival-Date: Tue Sep 16 06:50:00 +0000 2008
>Originator: Juan RP
While looking at other stuff in kernel, I've found some problems in
the veriexec(4) code.
1) The ioctl handler doesn't check if the fd is writable.
2) Root privilege and a simple small code is enough to cause a NULL
dereference pointer though the ioctls VERIEXEC_LOAD/QUERY/DELETE.
Will send the example code in a few minutes.
1) Check if fd is writable.
2) Check that prop_string_cstring_nocopy returns a valid string before
passing it to namei() in the ioctl handler.
Main Index |
Thread Index |