Date: Wed, 29 Oct 2008 08:49:32 -0700
From: Arjan van de Ven <arjan@infradead.org>
To: Eric Paris <eparis@redhat.com>
Cc: linux-kernel@vger.kernel.org, morgan@kernel.org, serue@us.ibm.com
Subject: Re: [PATCH] Capabilities: BUG when an invalid capability is
 requested
Message-ID: <20081029084932.77de26fd@infradead.org>
In-Reply-To: <1225294932.23736.28.camel@localhost.localdomain>
References: <1225294932.23736.28.camel@localhost.localdomain>
Organization: Intel
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1233
Lines: 26

On Wed, 29 Oct 2008 11:42:12 -0400
Eric Paris <eparis@redhat.com> wrote:

> If an invalid (large) capability is requested the capabilities system
> may panic as it is dereferencing an array of fixed (short) length.
> Its possible (and actually often happens) that the capability system
> accidentally stumbled into a valid memory region but it also regularly
> happens that it hits invalid memory and BUGs.  If such an operation
> does get past cap_capable then the selinux system is sure to have
> problems as it already does a (simple) validity check and BUG.  This
> is known to happen by the broken and buggy firegl driver.
> 
> This patch cleanly checks all capable calls and BUG if a call is for
> an invalid capability.  This will likely break the firegl driver for
> some situations, but it is the right thing to do.  Garbage into a
> security system gets you killed/bugged
> 
> Signed-off-by: Eric Paris <eparis@redhat.com>
> 

Acked-by: Arjan van de Ven <arjan@linux.intel.com>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/