> it's good to know that the 'grep copy_from_user | grep -v sizeof' from 2005 is still a great
> method of finding exploitable kernel vulnerabilities in under 5 minutes.
> I just wrote a script and checked linux-2.6.25.6 and patch-2.6.26-rc5 and linux-2.6.22-suse .
> There are 0 (ZERO) calls to copy_from_user with less than 3 arguments.
Posted Jun 10, 2008 19:04 UTC (Tue) by spender (subscriber, #23067)
What are you talking about? I have no idea which hat you pulled the "less than 3 arguments"
idea out of, but that command gives a list of places where copy_from_user is called with a
likely non-fixed length argument. You then go inspect whether the length is user-controlled
and if so, whether proper bounds checking is done (especially in the case where the length is
signed).
Thanks for spelling 0, though.
-Brad
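To illustrate the signed-length case Brad points to, here is an added example that is not from the thread or from the kernel source: a user-space stand-in for copy_from_user plus a hypothetical handler written first with the weak check and then with a proper bound. MAX_LEN, mock_copy_from_user and the handler names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_LEN 64          /* hypothetical fixed-size kernel buffer */
#define ERR_EINVAL (-22)    /* -EINVAL, as the kernel would return it */

/* Stand-in for the kernel's copy_from_user(): instead of copying, it
 * records the byte count it was handed so the demo runs in user space. */
static void mock_copy_from_user(void *dst, const void *src, size_t n,
                                size_t *requested)
{
    (void)dst; (void)src;
    *requested = n;
}

/* The pattern the grep heuristic flags: the length is caller-supplied,
 * not sizeof(). Comparing a signed int against an int constant lets a
 * negative value through, and the (size_t) conversion then turns it
 * into a huge copy length. Returns 0 if the copy would proceed. */
int handler_signed_check(const void *ubuf, int len, size_t *requested)
{
    char kbuf[MAX_LEN];
    if (len > MAX_LEN)
        return ERR_EINVAL;
    mock_copy_from_user(kbuf, ubuf, (size_t)len, requested);
    return 0;
}

/* Bounded form: reject negatives explicitly and compare against the
 * real destination size. (Taking the length as an unsigned type in the
 * first place makes the single upper-bound check sufficient.) */
int handler_bounded(const void *ubuf, int len, size_t *requested)
{
    char kbuf[MAX_LEN];
    if (len < 0 || (size_t)len > sizeof(kbuf))
        return ERR_EINVAL;
    mock_copy_from_user(kbuf, ubuf, (size_t)len, requested);
    return 0;
}

int main(void)
{
    char ubuf[8] = {0};     /* constructed stand-in for a user pointer */
    size_t n = 0;
    int rc = handler_signed_check(ubuf, -1, &n);
    printf("signed check: rc=%d copy length=%zu\n", rc, n);
    rc = handler_bounded(ubuf, -1, &n);
    printf("bounded check: rc=%d\n", rc);
    return 0;
}
```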