----- Original Message -----
> From: "Ben Hutchings" <ben@xxxxxxxxxxxxxxx>
> To: "Mathieu Desnoyers" <mathieu.desnoyers@xxxxxxxxxxxx>, "Luis Henriques" <luis.henriques@xxxxxxxxxxxxx>, "Kamal Mostafa" <kamal@xxxxxxxxxxxxx>, "Greg Kroah-Hartman" <gregkh@xxxxxxxxxxxxxxxxxxx>
> Cc: "stable" <stable@xxxxxxxxxxxxxxx>
> Sent: Saturday, April 5, 2014 7:37:57 PM
> Subject: Stable backport of "kernel-wide: fix missing validations on __get/__put/__copy_to/__copy_from_user()"
>
> I noticed that commit 0ef38d70d411 ("alpha: fix broken network
> checksum") was included in Linux 3.2.56, 3.5.7.30 and 3.8.13.18, but it
> was supposed to fix a regression in 3.12 that does not obviously affect
> these stable branches.
>
> That regression was introduced by commit 3ddc5b46a8e9 ("kernel-wide: fix
> missing validations on __get/__put/__copy_to/__copy_from_user()") which
> hasn't been applied to any stable branch. But it seems like it should
> be, along with the follow-up fixes. What do you think?

Hi Ben,

The part of the patch that fixes an information leak on alpha would be
relevant for stable, although hard to exploit since it leaks a checksum.

For the other __get_user/__put_user fixes, I don't think they really
matter for stable releases from a security standpoint, since they are in
32-bit compatibility code, and are therefore theoretically not
exploitable (famous last words...) ;)

However, the error-prone code pattern, if copied into a non-32-bit
compat code path, would be a security issue. This is why I submitted
this fix for 3.12.

So applying commits 3ddc5b46a8e9 and 0ef38d70d411 to stable would not
hurt, but there is no "very strong" incentive to apply them from a
security standpoint IMHO.

Thanks,

Mathieu

>
> Ben.
>
> --
> Ben Hutchings
> I say we take off; nuke the site from orbit. It's the only way to be sure.
>

--
Mathieu Desnoyers
EfficiOS Inc.
http://www.efficios.com