kernel-ark/security
Ahmed S. Darwish b500ce8d24 smackfs: do not trust `count' in inodes write()s
Smackfs write() implementation does not put a higher bound on the number of
bytes to copy from user-space.  This may lead to a DOS attack if a malicious
`count' field is given.

Assure that given `count' is exactly the length needed for a /smack/load rule.
 In case of /smack/cipso where the length is relative, assure that `count'
does not exceed the size needed for a buffer representing maximum possible
number of CIPSO 2.2 categories.

Signed-off-by: Ahmed S. Darwish <darwish.07@gmail.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-03-13 13:11:43 -07:00
..
keys Convert ERR_PTR(PTR_ERR(p)) instances to ERR_CAST(p) 2008-02-07 08:42:26 -08:00
selinux LSM/SELinux: Interfaces to allow FS to control mount options 2008-03-06 08:40:53 +11:00
smack smackfs: do not trust `count' in inodes write()s 2008-03-13 13:11:43 -07:00
capability.c Implement file posix capabilities 2007-10-17 08:43:07 -07:00
commoncap.c file capabilities: simplify signal check 2008-02-23 17:12:13 -08:00
dummy.c LSM/SELinux: Interfaces to allow FS to control mount options 2008-03-06 08:40:53 +11:00
inode.c Kobject: convert remaining kobject_unregister() to kobject_put() 2008-01-24 20:40:40 -08:00
Kconfig security: allow Kconfig to set default mmap_min_addr protection 2008-02-06 21:39:46 +08:00
Makefile Smack: Simplified Mandatory Access Control Kernel 2008-02-05 09:44:20 -08:00
root_plug.c security: Convert LSM into a static interface 2007-10-17 08:43:07 -07:00
security.c LSM/SELinux: Interfaces to allow FS to control mount options 2008-03-06 08:40:53 +11:00