[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-devel] [PATCH] proper bounds check in do_set_gdt entry point
* Keir Fraser (Keir.Fraser@xxxxxxxxxxxx) wrote: > > On 27 Jun 2005, at 19:41, Chris Wright wrote: > > >Unless I missed something, not bounds checking entries in do_set_gdt is > >a security hole. > > > >Signed-off-by: Chris Wright <chrisw@xxxxxxxx> > > The check happens in set_gdt(). do_set_gdt is just a wrapper with a > copy_from_user plus conditional tlb flush. I know, but copy_from_user has no sane limits. This is stack smash. -chris _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
![]() |
Lists.xenproject.org is hosted with RackSpace, monitoring our |