LinuxLists.cc - [PATCH linu-next] samples/bpf: use absolute path for dd

2022-09-22 09:19:55

Subject: [PATCH linu-next] samples/bpf: use absolute path for dd

From: Xu Panda <[email protected]>

Not using absolute path when invoking dd can lead to serious security
issues.

Reported-by: Zeal Robot <[email protected]>
Signed-off-by: Xu Panda <[email protected]>
---
samples/bpf/trace_event_user.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/samples/bpf/trace_event_user.c b/samples/bpf/trace_event_user.c
index 9664749bf618..d841918accc9 100644
--- a/samples/bpf/trace_event_user.c
+++ b/samples/bpf/trace_event_user.c
@@ -126,7 +126,7 @@ static void print_stacks(void)

static inline int generate_load(void)
{
- if (system("dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
+ if (system("/usr/bin/dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
printf("failed to generate some load with dd: %s\n", strerror(errno));
return -1;
}
--
2.15.2

2022-09-22 10:17:32

by Greg KH

[permalink] [raw]

Subject: Re: [PATCH linu-next] samples/bpf: use absolute path for dd

On Thu, Sep 22, 2022 at 09:02:31AM +0000, [email protected] wrote:
> From: Xu Panda <[email protected]>
>
> Not using absolute path when invoking dd can lead to serious security
> issues.
>
> Reported-by: Zeal Robot <[email protected]>
> Signed-off-by: Xu Panda <[email protected]>
> ---
> samples/bpf/trace_event_user.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/samples/bpf/trace_event_user.c b/samples/bpf/trace_event_user.c
> index 9664749bf618..d841918accc9 100644
> --- a/samples/bpf/trace_event_user.c
> +++ b/samples/bpf/trace_event_user.c
> @@ -126,7 +126,7 @@ static void print_stacks(void)
>
> static inline int generate_load(void)
> {
> - if (system("dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
> + if (system("/usr/bin/dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
> printf("failed to generate some load with dd: %s\n", strerror(errno));
> return -1;
> }
> --
> 2.15.2

Again, please stop submitting patches for Linux kernel development at
this point in time until your company has fixed their development
process.

You have been warned many times about this, and we have heard nothing
back from you at all. I'll go ask for your email address to now be
banned from our lists, sorry.

greg k-h