Bugtraq mailing list archives

Re: d_path() truncating excessive long path name vulnerability

From: psz () maths usyd edu au (Paul Szabo)
Date: Wed, 27 Nov 2002 13:04:04 +1100 (EST)

Back in March 2002, Wojciech Purczynski <cliph () isec pl> wrote (original
article at http://online.securityfocus.com/archive/1/264117 ):

Name:         Linux kernel
Version:      up to 2.2.20 and 2.4.18
...
In case of excessively long path names d_path kernel internal function
returns truncated trailing components of a path name instead of an error
value. As this function is called by getcwd(2) system call and
do_proc_readlink() function, false information may be returned to
user-space processes.


The problem is still present in Debian 2.4.19 kernel. I have not tried 2.5,
but see nothing relevant in the Changelogs at http://www.kernel.org/ .

Cheers,

Paul Szabo - psz () maths usyd edu au  http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

Current thread:

Re: d_path() truncating excessive long path name vulnerability Paul Szabo (Nov 28)
- Re: d_path() truncating excessive long path name vulnerability Solar Designer (Nov 28)