Re: [issue1863] Implement 'hammer volume-list' subcommand

Board: DFBSD_bugs | Date: 2010/10/09 07:32
On 10/08/2010 06:26 PM, Stathis Kamperis (via DragonFly issue tracker) wrote:
>
> Stathis Kamperis <ekamperi@gmail.com> added the comment:
>
> Fixed, sorry.
>
> I changed strlcpy() to copyout() and also added some rudimentary validation on
> the count of volumes to write.
>
> I honestly don't know how to make kernel defend against a lying user-land.

The kernel holds all the cards, just check absolutely everything userland tells you against your own data structures :)

Patch looks ok, except that you don't want to unconditionally copy MAXPATHLEN bytes to userland. The issue here isn't performance, but information disclosure. Your code will copy to userspace whatever happens to be allocated adjacent to the volume name in RAM. Perhaps an implementation of copyoutstr() is in order?

HTH,
Aggelos
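The disclosure described in the reply above, as an added example that is not part of the original message or the HAMMER patch: a userland C simulation comparing a fixed `MAXPATHLEN`-sized copy with one bounded by the string's own length. `copyout_sim()` stands in for the kernel's `copyout()`; every function name, the shortened `SIM_MAXPATHLEN` and the memory contents are constructed for illustration.

```c
/* Userland simulation; every name here is hypothetical, not HAMMER code. */
#include <stdio.h>
#include <string.h>
#define SIM_MAXPATHLEN 64    /* small stand-in for MAXPATHLEN */
#define SIM_KMEM_SIZE  128   /* constructed "kernel memory" region */
/* Stand-in for the kernel's copyout(kaddr, uaddr, len). */
static int copyout_sim(const void *kaddr, void *uaddr, size_t len) {
    memcpy(uaddr, kaddr, len);
    return 0;
}

/* Constructed sample: a short volume name with unrelated data right after it. */
static void sim_fill_kmem(char *kmem) {
    memset(kmem, 0, SIM_KMEM_SIZE);
    strcpy(kmem, "/dev/da0s1d");
    memcpy(kmem + 16, "SECRET-ADJACENT", 15);
}

/* The pattern the reply objects to: always export SIM_MAXPATHLEN bytes. */
static long export_name_fixed(const char *kname, char *ubuf) {
    return copyout_sim(kname, ubuf, SIM_MAXPATHLEN) ? -1 : SIM_MAXPATHLEN;
}

/* Bounded form: export the string and its NUL, nothing past it. */
static long export_name_bounded(const char *kname, char *ubuf, size_t ulen) {
    const char *nul = memchr(kname, '\0', SIM_MAXPATHLEN);
    if (nul == NULL) return -1;              /* unterminated kernel string */
    size_t len = (size_t)(nul - kname) + 1;
    if (len > ulen) return -1;               /* user buffer too small */
    return copyout_sim(kname, ubuf, len) ? -1 : (long)len;
}

/* Count non-zero bytes that follow the first NUL in the user buffer. */
static size_t count_stray_bytes(const char *ubuf, size_t ulen) {
    size_t i = 0, n = 0;
    while (i < ulen && ubuf[i] != '\0') i++;  /* skip the name itself */
    for (; i < ulen; i++) n += (ubuf[i] != '\0');
    return n;
}

int main(void) {
    char kmem[SIM_KMEM_SIZE], u1[SIM_MAXPATHLEN] = {0}, u2[SIM_MAXPATHLEN] = {0};
    sim_fill_kmem(kmem);
    export_name_fixed(kmem, u1);
    export_name_bounded(kmem, u2, sizeof(u2));
    printf("stray bytes: fixed=%zu bounded=%zu\n",
           count_stray_bytes(u1, sizeof(u1)), count_stray_bytes(u2, sizeof(u2)));
    return 0;
}
```

Any non-zero byte after the terminator in the caller's pre-zeroed buffer came from memory next to the name, which is why the check is done from the receiving side.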