
Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)

From:  Al Viro <viro-AT-ftp.linux.org.uk>
To:  Jon Smirl <jonsmirl-AT-gmail.com>
Subject:  Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)
Date:  Wed, 5 Apr 2006 18:02:26 +0100
Cc:  gregkh-AT-suse.de, linux-kernel-AT-vger.kernel.org, stable-AT-kernel.org

On Wed, Apr 05, 2006 at 12:34:49PM -0400, Jon Smirl wrote:
> On 4/5/06, Al Viro <viro@ftp.linux.org.uk> wrote:
> > On Wed, Apr 05, 2006 at 07:09:28PM +0400, Sergey Vlasov wrote:
> > > This will break the "color_map" sysfs file for framebuffers -
> > > drivers/video/fbsysfs.c:store_cmap() expects to get exactly 4096 bytes
> > > for a colormap with 256 entries.  In fact, the original patch which
> > > changed PAGE_SIZE - 1 to PAGE_SIZE:
> >
> > ... cheerfully assuming that nobody assumes NUL-termination and
> > everyone (sysfs patch writers!) certainly uses the length argument.
> > Fscking brilliant, that.
> 
> Why does sysfs have two string length determination methods - both
> NULL termination and a length parameter. It should be one or the
> other, not both. Having both simply causes problems when some
> developers implement one scheme and others only implement the other.

Which part of "sysfs patches can be written by idiots and usually are"
is too hard to understand?  Oh, wait.  I see...  Well, nevermind, then...
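
Added example, not part of the original message or of the kernel source: a userspace C model of the conflict in this thread, where capping a write at PAGE_SIZE - 1 always leaves a NUL in the page but breaks a handler that expects exactly 4096 bytes, and capping at PAGE_SIZE does the reverse. The names `fill_page`, `cmap_like_store` and `simulate`, and the zeroed page-sized buffer, are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PAGE_SZ 4096            /* assumed page size; the 4096 from the thread */
struct outcome {
    size_t accepted;            /* bytes handed to the store handler */
    int    terminated;          /* is there a NUL somewhere inside the page? */
    int    cmap_ok;             /* does an "exactly 4096 bytes" handler accept it? */
};

/* Hypothetical model of the write path: at most `cap` bytes of a write land in a zeroed page. */
static size_t fill_page(char *page, const char *src, size_t count, size_t cap)
{
    if (count > cap)
        count = cap;
    memset(page, 0, PAGE_SZ);
    memcpy(page, src, count);
    return count;
}

/* Length-based handler in the style described for store_cmap(): checks only the count. */
static int cmap_like_store(size_t count)
{
    return count == PAGE_SZ ? 0 : -1;
}

/* Simulate one full-page write under the given cap. */
static struct outcome simulate(size_t cap)
{
    char *page = malloc(PAGE_SZ), *src = malloc(PAGE_SZ);
    struct outcome o = {0, 0, 0};
    if (!page || !src) { free(page); free(src); return o; }
    memset(src, 'A', PAGE_SZ);                  /* constructed input, no NUL */
    o.accepted   = fill_page(page, src, PAGE_SZ, cap);
    /* Bounded search; a handler calling strlen() would read past the page instead. */
    o.terminated = memchr(page, '\0', PAGE_SZ) != NULL;
    o.cmap_ok    = cmap_like_store(o.accepted) == 0;
    free(page); free(src);
    return o;
}

int main(void)
{
    struct outcome a = simulate(PAGE_SZ - 1), b = simulate(PAGE_SZ);
    printf("cap 4095: nul=%d cmap_ok=%d | cap 4096: nul=%d cmap_ok=%d\n",
           a.terminated, a.cmap_ok, b.terminated, b.cmap_ok);
    return 0;
}
```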




Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)

Posted Apr 6, 2006 12:03 UTC (Thu) by eskild (guest, #1556) [Link] (3 responses)

Corbet, if you see this: You do try to protect the e-mail addresses in the From and To fields using <AT>. However, in the actual message you do not. Would this be a thing to consider in order to make things a wee bit harder for harvesters?

Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)

Posted Apr 6, 2006 16:59 UTC (Thu) by JoeBuck (subscriber, #2330) [Link] (2 responses)

You did notice, didn't you, that the "actual message" is on a site that Jon Corbet does not control?

Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)

Posted Apr 6, 2006 19:21 UTC (Thu) by eskild (guest, #1556) [Link]

I'm not entirely certain I understand your wording. If you mean that the actual content originates somewhere else, then of course I'm aware of that.

Now, I may be mistaken, but isn't it the case that LWN has made a cut-and-paste into their own content management system?

Or, are they really downloading text from that remote site whenever you and I load the page? While possible, I honestly doubt it, but please enlighten me if that is the case.

Otherwise, then, the content is now stored at, and served from, LWN and LWN could, if they so chose, apply re-formatting of the e-mail addresses. I doubt anyone would consider that a violation of quotation ethics.

I am also aware that the LKML where the message originates is a highly public place, so in this particular case it makes no difference at all. My comment was merely intended as a note to Mr. Corbet that there is something he could perhaps consider to build into LWN.

Re: [patch 03/26] sysfs: zero terminate sysfs write buffers (CVE-2006-1055)

Posted Apr 8, 2006 23:50 UTC (Sat) by fergal (guest, #602) [Link]

In fairness to Eskild, it does not appear that Jon has cut and pasted from the http://article.gmane.org/gmane.linux.kernel/396304. The address mangling in the header is different and is also applied to the body. So presumably he's doing his own mangling (or copying from someone else who's only mangling the header) in which case it could be improved.


Copyright © 2006, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds