summaryrefslogtreecommitdiffstats
path: root/Documentation
diff options
context:
space:
mode:
authorDan Rosenberg <drosenberg@vsecurity.com>2011-06-15 15:09:01 -0700
committerGreg Kroah-Hartman <gregkh@suse.de>2011-08-03 12:42:52 -0700
commit3d0475119d8722798db5e88f26493f6547a4bb5b (patch)
tree9fde5a9c02e96805eebcf67fd7c041bdc72513ab /Documentation
parent30f311db2bee9f2e0373619dee1acd6182819ee1 (diff)
downloadlinux-stable-3d0475119d8722798db5e88f26493f6547a4bb5b.tar.gz
linux-stable-3d0475119d8722798db5e88f26493f6547a4bb5b.tar.bz2
linux-stable-3d0475119d8722798db5e88f26493f6547a4bb5b.zip
alpha: fix several security issues
commit 21c5977a836e399fc710ff2c5367845ed5c2527f upstream. Fix several security issues in Alpha-specific syscalls. Untested, but mostly trivial. 1. Signedness issue in osf_getdomainname allows copying out-of-bounds kernel memory to userland. 2. Signedness issue in osf_sysinfo allows copying large amounts of kernel memory to userland. 3. Typo (?) in osf_getsysinfo bounds minimum instead of maximum copy size, allowing copying large amounts of kernel memory to userland. 4. Usage of user pointer in osf_wait4 while under KERNEL_DS allows privilege escalation via writing return value of sys_wait4 to kernel memory. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: Richard Henderson <rth@twiddle.net> Cc: Ivan Kokshaysky <ink@jurassic.park.msu.ru> Cc: Matt Turner <mattst88@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions