Full Disclosure mailing list archives
Re: linux bugs (survival stories)?
From: Georgi Guninski <guninski () guninski com>
Date: Tue, 12 Apr 2005 22:59:36 +0300
On Tue, Apr 12, 2005 at 02:26:34PM -0400, Valdis.Kletnieks () vt edu wrote:
If anybody wants a good kernel-auditing project, just start going through the 2.6.12-rc2 tree and look at uses of copy_from_user(), and make sure that each use of that function then proceeds to *validate* the data (especially in the various driver's .ioctl methods - historically a place for issues). At least
like this in 2.6.11: grep -rniI 'fuck' * | grep -iv 'fuck billg' | grep -iv 'fuck bill g' | grep 'junk' sound/oss/opl3.c:837: * What the fuck is going on here? We leave junk in the beginning (the key to success being grepping for 'bill') -- where do you want bill gates to go today? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- linux bugs (survival stories)? Bipin Gautam (Apr 11)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- Re: linux bugs (survival stories)? Georgi Guninski (Apr 12)
- Re: linux bugs (survival stories)? dk (Apr 12)
- Re: linux bugs (survival stories)? Eduardo Tongson (Apr 12)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- Re: linux bugs (survival stories)? Eduardo Tongson (Apr 12)
- Re: linux bugs (survival stories)? Joachim Schipper (Apr 12)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- Re: linux bugs (survival stories)? Eduardo Tongson (Apr 13)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- <Possible follow-ups>
- Re: linux bugs (survival stories)? pageexec (Apr 12)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- Re: linux bugs (survival stories)? pageexec (Apr 13)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)