Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S271675AbTGRBvv (ORCPT ); Thu, 17 Jul 2003 21:51:51 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S271678AbTGRBvv (ORCPT ); Thu, 17 Jul 2003 21:51:51 -0400 Received: from sccrmhc12.comcast.net ([204.127.202.56]:17888 "EHLO sccrmhc12.comcast.net") by vger.kernel.org with ESMTP id S271675AbTGRBvu (ORCPT ); Thu, 17 Jul 2003 21:51:50 -0400 Subject: [PATCH] fix info leak From: Albert Cahalan To: linux-kernel Cc: Andrew Morton , Linus Torvalds Content-Type: text/plain Organization: Message-Id: <1058493468.733.55.camel@cube> Mime-Version: 1.0 X-Mailer: Ximian Evolution 1.2.4 Date: 17 Jul 2003 21:57:48 -0400 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 909 Lines: 27 Here's a better fix for the kernel stack data leaking out into user-space. (due to padding) This fix takes advantage of the fact that an i386 machine is little-endian. The type of st_rdev may be widened to fill the gap, causing the extra 2 bytes to get zeroed when st_rdev is written to. Everybody: use -Wpadded to find these --- old/include/asm-i386/stat.h 2003-06-26 17:50:47.000000000 -0400 +++ new/include/asm-i386/stat.h 2003-07-17 18:23:01.000000000 -0400 @@ -9,6 +9,6 @@ unsigned short st_uid; unsigned short st_gid; - unsigned short st_rdev; + unsigned int st_rdev; unsigned long st_size; unsigned long st_atime; unsigned long st_mtime; - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/