Full Disclosure mailing list archives

Re: linux bugs (survival stories)?

From: Georgi Guninski <guninski () guninski com>
Date: Tue, 12 Apr 2005 22:59:36 +0300

On Tue, Apr 12, 2005 at 02:26:34PM -0400, Valdis.Kletnieks () vt edu wrote:

If anybody wants a good kernel-auditing project, just start going through the
2.6.12-rc2 tree and look at uses of copy_from_user(), and make sure that each
use of that function then proceeds to *validate* the data (especially in the
various driver's .ioctl methods - historically a place for issues).   At least


like this in 2.6.11:

grep -rniI 'fuck' * | grep -iv 'fuck billg' |  grep -iv 'fuck bill g' | grep
'junk'
sound/oss/opl3.c:837:    * What the fuck is going on here?  We leave junk in
the beginning

(the key to success being grepping for 'bill')

-- 
where do you want bill gates to go today?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

linux bugs (survival stories)? Bipin Gautam (Apr 11)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
  - Re: linux bugs (survival stories)? Georgi Guninski (Apr 12)
  - Re: linux bugs (survival stories)? dk (Apr 12)
    - Re: linux bugs (survival stories)? Eduardo Tongson (Apr 12)
    - Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
    - Re: linux bugs (survival stories)? Eduardo Tongson (Apr 12)
    - Re: linux bugs (survival stories)? Joachim Schipper (Apr 12)
    - Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
    - Re: linux bugs (survival stories)? Eduardo Tongson (Apr 13)
- <Possible follow-ups>
- Re: linux bugs (survival stories)? pageexec (Apr 12)
  - Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
    - Re: linux bugs (survival stories)? pageexec (Apr 13)

(Thread continues...)