Re: Stable backport of "kernel-wide: fix missing validations on __get/__put/__copy_to/__copy_from_user()"

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 2014-04-06 at 13:00 +0000, Mathieu Desnoyers wrote:
> ----- Original Message -----
> > From: "Ben Hutchings" <ben@xxxxxxxxxxxxxxx>
> > To: "Mathieu Desnoyers" <mathieu.desnoyers@xxxxxxxxxxxx>, "Luis Henriques" <luis.henriques@xxxxxxxxxxxxx>, "Kamal
> > Mostafa" <kamal@xxxxxxxxxxxxx>, "Greg Kroah-Hartman" <gregkh@xxxxxxxxxxxxxxxxxxx>
> > Cc: "stable" <stable@xxxxxxxxxxxxxxx>
> > Sent: Saturday, April 5, 2014 7:37:57 PM
> > Subject: Stable backport of "kernel-wide: fix missing validations on __get/__put/__copy_to/__copy_from_user()"
> > 
> > I noticed that commit 0ef38d70d411 ("alpha: fix broken network
> > checksum") was included in Linux 3.2.56, 3.5.7.30 and 3.8.13.18, but it
> > was supposed to fix a regression in 3.12 that does not obviously affect
> > these stable branches.
> > 
> > That regression was introduced by commit 3ddc5b46a8e9 ("kernel-wide: fix
> > missing validations on __get/__put/__copy_to/__copy_from_user()") which
> > hasn't been applied to any stable branch.  But it seems like it should
> > be, along with the follow-up fixes.  What do you think?
> 
> Hi Ben,
> 
> The part of the patch that fixes an information leak on alpha would be
> relevant for stable, although hard to exploit since it leaks a checksum.
> For the other __get_user/__put_user fixes, I don't think they really matter
> for stable releases from a security standpoint, since they are in 32-bit
> compatibility code, and are therefore theoretically not exploitable
> (famous last words...) ;)
> 
> However, the error-prone code pattern, if copied into a non-32-bit compat
> code path, would be a security issue. This is why I submitted this fix
> for 3.12.
> 
> So applying commits 3ddc5b46a8e9 and 0ef38d70d411 to stable would not
> hurt, but there is no "very strong" incentive to apply them from a
> security standpoint IMHO.

Thanks for your advice.  I'll revert the alpha change for 3.2.

Ben.

-- 
Ben Hutchings
Q.  Which is the greater problem in the world today, ignorance or apathy?
A.  I don't know and I couldn't care less.

Attachment: signature.asc
Description: This is a digitally signed message part

[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]