summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorEric Dumazet <eric.dumazet@gmail.com>2010-12-01 20:46:24 +0000
committerDavid S. Miller <davem@davemloft.net>2010-12-06 12:59:09 -0800
commit2d5311e4e8272fd398fc1cf278f12fd6dee4074b (patch)
treed86fcab7044baa6ec41ef87b8eca186ae6f9ea89 /fs
parentae9c416d686db74f67d73c1bebf1e3a7e8b3c5b5 (diff)
downloadlinux-2d5311e4e8272fd398fc1cf278f12fd6dee4074b.tar.bz2
filter: add a security check at install time
We added some security checks in commit 57fe93b374a6 (filter: make sure filters dont read uninitialized memory) to close a potential leak of kernel information to user. This added a potential extra cost at run time, while we can perform a check of the filter itself, to make sure a malicious user doesnt try to abuse us. This patch adds a check_loads() function, whole unique purpose is to make this check, allocating a temporary array of mask. We scan the filter and propagate a bitmask information, telling us if a load M(K) is allowed because a previous store M(K) is guaranteed. (So that sk_run_filter() can possibly not read unitialized memory) Note: this can uncover application bug, denying a filter attach, previously allowed. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Cc: Dan Rosenberg <drosenberg@vsecurity.com> Cc: Changli Gao <xiaosuo@gmail.com> Acked-by: Changli Gao <xiaosuo@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'fs')
0 files changed, 0 insertions, 0 deletions