oss-sec mailing list archives
Re: kernel: [PARISC] led.c - fix potential stack overflow in led_proc_write()
From: Ben Hutchings <ben () decadent org uk>
Date: Sat, 14 Aug 2010 02:28:37 +0100
On Sat, 2010-08-14 at 09:00 +0800, Eugene Teo wrote:
> On 08/14/2010 08:54 AM, dann frazier wrote:
> > On Tue, Aug 03, 2010 at 01:51:15AM -0400, Moritz Muehlenhoff wrote:
> > > On Tue, Aug 03, 2010 at 11:46:58AM +0800, Eugene Teo wrote:
> > > > Ilja reported way back in Nov 2007. A writer to /proc/pdc/led(?) can
> > > > cause the kernel to consume an unbounded amount of stack, and result
> > > > in stack corruption.
> > > >
> > > > http://www.spinics.net/lists/linux-parisc/msg02960.html
> > > >
> > > > If you need a CVE name, change the subject to indicate that. We are
> > > > not requesting one as we do not support the PA-RISC architecture in
> > > > our distribution.
> > >
> > > Debian supports hppa. Steven, please assign a CVE ID.
> >
> > Ben Hutchings pointed out that this file is only writeable by root - can
> > it therefore be considered a security issue?
>
> From the bug report:
> "the problem being that the stack is limited and count is not (except
> for the MAX_INT check done in sys_write() I guess). this could lead to
> stack corruption (when for example calling capable())."

But the file permissions are checked even before the function is called,
are they not?

Ben.

--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
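
The pattern the quoted bug report describes ("the stack is limited and count is not"), shown beside a bounded form as an added example; this is not code from the thread or from the kernel source. It is a userspace model that assumes the handler sized an on-stack buffer by the writer's count; `write_handler_unbounded`, `write_handler_bounded`, `parse_cmd` and `LED_BUF_SIZE` are hypothetical names, and `memcpy` stands in for the copy from user space.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define LED_BUF_SIZE 32 /* assumed fixed cap, not taken from the thread */

/* Constructed stand-in for command parsing: first byte, or -1 if empty. */
static int parse_cmd(const char *s)
{
    return s[0] ? (unsigned char)s[0] : -1;
}

/* "Before" shape: stack use grows with the writer-supplied count.
 * Call it only with small counts. */
int write_handler_unbounded(const char *src, size_t count)
{
    char lbuf[count + 1]; /* variable-length array sized by the caller */
    memcpy(lbuf, src, count);
    lbuf[count] = '\0';
    return parse_cmd(lbuf);
}

/* "After" shape: fixed buffer, count clamped before the copy.
 * *used receives the number of bytes actually copied. */
int write_handler_bounded(const char *src, size_t count, size_t *used)
{
    char lbuf[LED_BUF_SIZE];
    if (count >= sizeof(lbuf))
        count = sizeof(lbuf) - 1; /* truncate oversized writes */
    memcpy(lbuf, src, count);
    lbuf[count] = '\0';
    *used = count;
    return parse_cmd(lbuf);
}

int main(void)
{
    static char big[1 << 20]; /* constructed 1 MiB write */
    size_t used = 0;
    memset(big, 'A', sizeof(big));
    int cmd = write_handler_bounded(big, sizeof(big), &used);
    printf("cmd=%c, copied %zu of %zu bytes\n", cmd, used, sizeof(big));
    return 0;
}
```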