Silly Linux Kernel Bug

Bill Frantz frantz at pwpconsult.com
Tue Dec 2 11:11:53 PST 2003


At 1:09 AM -0800 12/2/03, Eric Cordian wrote:
>As reported today on Slashdot, in Linux kernels prior to 2.4.23, it is
>possible to map the kernel into user space with brk(), since apparently no
>one ever bothered to check that the argument passed was in the lower 3 gig
>of the address space.

Rule 1: When you audit code for security, be sure there is a complete check
of all input parameters.  Make at least one pass through the code where
this is the only check you make.  As can be seen by multiple problems of
this type, it's easy to forget.

Cheers - Bill




-------------------------------------------------------------------------
Bill Frantz        | "There's nothing so clear as a | Periwinkle
(408)356-8506      | vague idea you haven't written | 16345 Englewood Ave
www.pwpconsult.com | down yet." -- Dean Tribble     | Los Gatos, CA 95032
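
The parameter check discussed in this message, as an added example that is not part of the original post and is not the kernel's own code: a user-space model of the range validation a brk()-style call needs. The `model_*` names are hypothetical, and the 0xC0000000 limit assumes the 32-bit 3 GiB user / 1 GiB kernel split the quoted report refers to.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: 32-bit address space, user space ends at 3 GiB. */
#define MODEL_TASK_SIZE 0xC0000000u
#define MODEL_PAGE_SIZE 0x1000u
#define MODEL_EINVAL    22

/* Round a length up to whole pages; wraps to 0 if len is near 4 GiB. */
static uint32_t page_align(uint32_t len)
{
    return (len + MODEL_PAGE_SIZE - 1) & ~(MODEL_PAGE_SIZE - 1);
}

/* "Before": no validation at all, so every range is accepted. */
int model_brk_unchecked(uint32_t addr, uint32_t len)
{
    (void)addr; (void)len;
    return 0;
}

/* "After": every input is checked before anything would be mapped. */
int model_brk_checked(uint32_t addr, uint32_t len)
{
    uint32_t aligned = page_align(len);
    uint32_t end = addr + aligned;      /* unsigned wrap is defined in C */

    if (len != 0 && aligned == 0)       /* page rounding itself wrapped */
        return -MODEL_EINVAL;
    if (aligned == 0)                   /* zero-length request: no-op */
        return 0;
    if (end < addr)                     /* addr + len wrapped past 4 GiB */
        return -MODEL_EINVAL;
    if (end > MODEL_TASK_SIZE)          /* range reaches kernel addresses */
        return -MODEL_EINVAL;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: {addr, len}. */
    uint32_t c[][2] = { {0x08050000u, 0x2000u}, {0xBFFFF000u, 0x2000u},
                        {0xFFFFF000u, 0x2000u}, {0x08050000u, 0xFFFFFFFFu} };
    for (size_t i = 0; i < sizeof c / sizeof c[0]; i++)
        printf("addr=%08x len=%08x unchecked=%d checked=%d\n",
               (unsigned)c[i][0], (unsigned)c[i][1],
               model_brk_unchecked(c[i][0], c[i][1]),
               model_brk_checked(c[i][0], c[i][1]));
    return 0;
}
```

The two wrap-around cases show why a single comparison against the upper limit does not amount to a complete check of the inputs.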




