David S. Miller wrote:
Actually, I don't see the security problem. If the kernel thinks the MSG_CMSG_COMPAT bit is set, big deal, the user will just get garbage behavior in that the kernel will interpret its data structures to be in the compat format instead of native.
I guess one thing that potentially could be possible is that the user application is coded incorrectly and somehow sets the COMPAT flag. It goes to the kernel while sending a packet and the address with the upper 32 bits chopped off turns out to be a valid user address and does not EFAULT. And perhaps some user data is leaked out onto the wire. But, those are a lot of ifs.
-- 
Dave

-
: send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html