On Thu, Sep 22, 2022 at 09:02:31AM +0000, cgel.zte@xxxxxxxxx wrote:
> From: Xu Panda <xu.panda@xxxxxxxxxx>
>
> Not using absolute path when invoking dd can lead to serious security
> issues.
>
> Reported-by: Zeal Robot <zealci@xxxxxxxxxx>
> Signed-off-by: Xu Panda <xu.panda@xxxxxxxxxx>
> ---
> samples/bpf/trace_event_user.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/samples/bpf/trace_event_user.c b/samples/bpf/trace_event_user.c
> index 9664749bf618..d841918accc9 100644
> --- a/samples/bpf/trace_event_user.c
> +++ b/samples/bpf/trace_event_user.c
> @@ -126,7 +126,7 @@ static void print_stacks(void)
>
> static inline int generate_load(void)
> {
> - if (system("dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
> + if (system("/usr/bin/dd if=/dev/zero of=/dev/null count=5000k status=none") < 0) {
> printf("failed to generate some load with dd: %s\n", strerror(errno));
> return -1;
> }
> --
> 2.15.2
Again, please stop submitting patches for Linux kernel development at
this point in time until your company has fixed their development
process.
You have been warned many times about this, and we have heard nothing
back from you at all. I'll go ask for your email address to now be
banned from our lists, sorry.
greg k-h
