[kernel-hardening] Re: [PATCH v9 1/4] syscalls: Verify address limit before returning to user-mode
Andy Lutomirski
luto at kernel.org
Fri May 12 16:20:31 PDT 2017
On Fri, May 12, 2017 at 12:15 AM, Al Viro <viro at zeniv.linux.org.uk> wrote:
> Folks, seriously, have you even looked through that zoo? I have, and it's
> really, really not fun. Sure, we can say "fuck 'em, no need to allow
> splice() on random crap". Would be perfectly reasonable, except that
> it's not the only place doing kernel_write() and its ilk...
Can you clarify this? I think we really may be able to do exactly
this. From Christoph's list, there are only two things that need
kernel_read/kernel_write to user-supplied fds that may come from a
variety of sources: splice and exec. If you're execing a chardev from
a crappy driver, something is seriously wrong. And returning -EINVAL
from splice() to or from files that use ->read and ->write seems fine
(and splice(2) even documents -EINVAL as meaning that the target
doesn't support splicing).
--Andy
More information about the linux-arm-kernel mailing list