From: dank@trellisinc.com
To: linux-kernel@vger.kernel.org
Subject: Re: PROPOSAL: dot-proc interface [was: /proc stuff]
Date: Tue, 6 Nov 2001 17:47:53 -0500 (EST) [thread overview]
Message-ID: <20011106224753.7D45EA3B90@fancypants.trellisinc.com> (raw)
In-Reply-To: <20011106152215.A31923@codepoet.org>
In article <20011106152215.A31923@codepoet.org> you wrote:
> Sorry, no doughnut for you. drivers/block/genhd.c:
> #ifdef CONFIG_PROC_FS
> int get_partition_list(char *page, char **start, off_t offset, int count)
> char buf[64];
> so each /proc/partitions line maxes out at 63 bytes. So not only
> is there no overflow, I am providing 16 extra bytes of padding.
"code poet?" you've plucked an 80 from the air. regardless of what the
kernel prints now and how it's limited (deep within drivers/block/genhd.c),
there is no reference to this silent 63 via either explicit comment or
pure code. your code remains happily ignorant of any modification to this
postcondition, and when that changes (as it surely will), you lose. it's
uninspired coding like the above that keeps the buffer overflow
technique alive.
now, i imagine you're more skilled than this, and would have invested
the time to do it properly the first time around (certainly *my*
managers wouldn't accept "buried within the backend is a hardcoded
constant...", but i work in network security). others, however, may
not be so skilled as you, and what of when they're writing your server?
c string processing is all of doable, mature, and meticulous. "done
properly by beginners" is not how i would describe it.
--
nicholas black (dank@trellisinc.com) http://trellisinc.com
next prev parent reply other threads:[~2001-11-06 22:48 UTC|newest]
Thread overview: 258+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-11-01 10:32 [PATCH] 2.5 PROPOSAL: Replacement for current /proc of shit Rusty Russell
2001-11-01 10:42 ` Jeff Garzik
2001-11-01 16:49 ` Martin Dalecki
2001-11-01 17:06 ` Gábor Lénárt
2001-11-01 12:06 ` Tim Jansen
2001-11-01 18:34 ` James Simmons
2001-11-02 1:42 ` Rusty Russell
2001-11-02 1:56 ` Erik Andersen
2001-11-02 11:44 ` Padraig Brady
2001-11-02 9:11 ` Alexander Viro
2001-11-02 12:39 ` Martin Dalecki
2001-11-02 11:57 ` Alexander Viro
2001-11-02 13:55 ` Keith Owens
2001-11-02 15:08 ` Martin Dalecki
2001-11-04 5:36 ` Albert D. Cahalan
2001-11-02 12:46 ` Miquel van Smoorenburg
2001-11-02 2:20 ` Rusty Russell
2001-11-02 13:59 ` Tim Jansen
[not found] ` <20011103103106.7eb6098b.rusty@rustcorp.com.au>
2001-11-03 11:47 ` Tim Jansen
2001-11-03 23:44 ` Rusty Russell
2001-11-04 1:40 ` Daniel Phillips
2001-11-04 2:08 ` Jakob Østergaard
2001-11-04 12:30 ` Tim Jansen
2001-11-04 13:36 ` Daniel Kobras
2001-11-04 14:13 ` Tim Jansen
2001-11-04 15:33 ` PROPOSAL: dot-proc interface [was: /proc stuff] Jakob Østergaard
2001-11-04 16:05 ` Gábor Lénárt
2001-11-04 16:31 ` Daniel Phillips
2001-11-04 17:30 ` Jakob Østergaard
2001-11-04 16:45 ` Tim Jansen
2001-11-04 17:28 ` Daniel Phillips
2001-11-04 17:41 ` Jakob Østergaard
2001-11-04 17:54 ` SpaceWalker
2001-11-04 20:45 ` Albert D. Cahalan
2001-11-04 17:59 ` John Levon
2001-11-04 18:31 ` Jakob Østergaard
2001-11-04 18:40 ` Alexander Viro
2001-11-04 19:04 ` Jakob Østergaard
2001-11-04 19:24 ` Alex Bligh - linux-kernel
2001-11-04 19:45 ` Jakob Østergaard
2001-11-04 19:52 ` Alexander Viro
2001-11-04 20:06 ` Jakob Østergaard
2001-11-04 22:01 ` Daniel Phillips
2001-11-04 21:12 ` Albert D. Cahalan
2001-11-04 21:20 ` Jakob Østergaard
2001-11-04 21:42 ` Tim Jansen
2001-11-04 22:13 ` Albert D. Cahalan
2001-11-05 11:23 ` Martin Dalecki
2001-11-05 15:58 ` Alexander Viro
2001-11-05 18:30 ` Martin Dalecki
2001-11-05 23:00 ` Albert D. Cahalan
2001-11-06 13:47 ` Martin Dalecki
2001-11-06 17:13 ` Gerhard Mack
2001-11-05 16:38 ` Stephen Satchell
2001-11-05 18:39 ` Martin Dalecki
2001-11-05 18:28 ` Ben Greear
2001-11-05 18:40 ` Rik van Riel
2001-11-05 21:03 ` Tim Jansen
2001-11-05 21:58 ` Ben Greear
2001-11-05 22:51 ` Tim Jansen
2001-11-05 22:59 ` Erik Andersen
2001-11-05 23:35 ` Tim Jansen
2001-11-05 23:41 ` Alexander Viro
2001-11-06 13:49 ` Martin Dalecki
2001-11-06 19:49 ` dank
2001-11-06 22:22 ` Erik Andersen
2001-11-06 22:47 ` dank [this message]
2001-11-06 23:11 ` Erik Andersen
2001-11-06 23:39 ` Ricky Beam
2001-11-07 12:45 ` Remco Post
2001-11-07 1:06 ` George Greer
2001-11-05 19:58 ` Jonathan Lundell
2001-11-05 21:43 ` Stephen Satchell
2001-11-06 5:22 ` Ragnar Hojland Espinosa
2001-11-04 21:22 ` Alex Bligh - linux-kernel
2001-11-05 4:03 ` Stuart Young
2001-11-05 4:05 ` Alexander Viro
2001-11-05 4:55 ` Stuart Young
2001-11-05 16:32 ` SpaceWalker
2001-11-06 6:46 ` Jakob Østergaard
2001-11-04 19:29 ` Alexander Viro
2001-11-04 19:50 ` Jakob Østergaard
2001-11-04 20:01 ` Alexander Viro
2001-11-04 20:09 ` Jakob Østergaard
2001-11-06 7:23 ` Kai Henningsen
2001-11-06 14:00 ` Jakob Østergaard
2001-11-04 18:27 ` Tim Jansen
2001-11-04 18:35 ` Alexander Viro
2001-11-04 18:39 ` Jakob Østergaard
2001-11-07 1:20 ` Pavel Machek
2001-11-07 21:14 ` Rik van Riel
2000-01-01 0:13 ` Pavel Machek
2001-11-04 18:20 ` Tim Jansen
2001-11-04 18:30 ` Alexander Viro
2001-11-04 18:52 ` Jakob Østergaard
2001-11-04 19:18 ` Daniel Phillips
2001-11-04 21:41 ` Albert D. Cahalan
2001-11-05 11:06 ` Martin Dalecki
2001-11-05 10:28 ` Daniel Phillips
2001-11-05 22:46 ` Albert D. Cahalan
2001-11-06 0:54 ` Daniel Phillips
2001-11-06 1:11 ` Stephen Satchell
2001-11-04 18:46 ` Jakob Østergaard
2001-11-04 19:07 ` Linus Torvalds
2001-11-04 19:20 ` Jakob Østergaard
2001-11-04 19:32 ` Dave Jones
2001-11-04 19:52 ` Jakob Østergaard
2001-11-04 20:06 ` Alexander Viro
2001-11-04 20:11 ` Jakob Østergaard
2001-11-11 10:06 ` Kai Henningsen
2001-11-11 19:43 ` Jakob Østergaard
2001-11-12 13:43 ` Pascal Schmidt
2001-11-13 12:09 ` Jakob Østergaard
2001-11-13 14:41 ` Riley Williams
2001-11-04 22:09 ` Luigi Genoni
2001-11-04 17:48 ` Jakob Østergaard
2001-11-04 18:02 ` John Levon
2001-11-04 18:34 ` Tim Jansen
2001-11-04 18:59 ` Jakob Østergaard
2001-11-04 19:19 ` Tim Jansen
2001-11-04 19:24 ` Jakob Østergaard
2001-11-04 19:41 ` Tim Jansen
2001-11-04 19:55 ` Jakob Østergaard
2001-11-04 20:13 ` Tim Jansen
2001-11-04 20:11 ` Jakob Østergaard
2001-11-04 20:47 ` Alex Bligh - linux-kernel
2001-11-04 21:02 ` Jakob Østergaard
2001-11-04 22:53 ` Stephen Satchell
2001-11-05 11:04 ` zmwillow
2001-11-05 13:41 ` Petr Baudis
2001-11-05 20:49 ` Tim Jansen
2001-11-05 22:01 ` Ben Greear
[not found] ` <20011105223413.U11619@pasky.ji.cz>
[not found] ` <160rly-1tl3XUC@fmrl05.sul.t-online.com>
2001-11-05 22:07 ` Petr Baudis
2001-11-06 7:25 ` Jakob Østergaard
2001-11-06 8:21 ` Petr Baudis
2001-11-06 8:34 ` Alexander Viro
2001-11-06 13:43 ` Jakob Østergaard
2001-11-06 17:01 ` Petr Baudis
2001-11-05 19:55 ` PROPOSAL: kernfs (was: Re: PROPOSAL: dot-proc interface [was: /proc st Kai Henningsen
2001-11-06 18:56 ` PROPOSAL: /proc standards (was dot-proc interface [was: /proc stuff]) Stephen Satchell
2001-11-06 19:38 ` Ben Greear
2001-11-06 20:12 ` PROPOSAL: /proc standards (was dot-proc interface [was: /proc Erik Hensema
2001-11-06 20:58 ` Roy Sigurd Karlsbakk
2001-11-06 21:43 ` Ricky Beam
2001-11-06 22:14 ` Alexander Viro
2001-11-07 0:33 ` Alex Bligh - linux-kernel
2001-11-07 7:20 ` Albert D. Cahalan
2001-11-07 8:07 ` Alexander Viro
2001-11-07 17:24 ` Alex Bligh - linux-kernel
2001-11-07 17:22 ` Blue Lang
2001-11-07 19:21 ` Ricky Beam
2001-11-11 10:27 ` Kai Henningsen
2001-11-08 0:47 ` Albert D. Cahalan
2001-11-08 18:53 ` Alex Bligh - linux-kernel
2001-11-08 21:28 ` Ricky Beam
2001-11-09 5:15 ` Albert D. Cahalan
2001-11-19 19:22 ` bill davidsen
2001-11-07 0:13 ` Martin Dalecki
2001-11-07 0:40 ` Alex Bligh - linux-kernel
2001-11-07 1:10 ` Ricky Beam
[not found] ` <Pine.GSO.4.33.0111061947540.17287-100000@sweetums.bluetronic.ne t>
2001-11-07 1:17 ` Alex Bligh - linux-kernel
2001-11-07 11:32 ` Martin Dalecki
2001-11-07 12:35 ` Remco Post
2001-11-07 23:53 ` Albert D. Cahalan
2001-11-07 22:24 ` Paul P Komkoff Jr
2001-11-07 23:15 ` Phil Howard
2001-11-06 21:24 ` Rik van Riel
2001-11-06 21:45 ` Erik Hensema
2001-11-06 22:06 ` Tim Jansen
2001-11-06 22:28 ` Erik Andersen
2001-11-06 22:33 ` Jan-Benedict Glaw
2001-11-06 22:42 ` Erik Andersen
2001-11-06 22:49 ` Jan-Benedict Glaw
2001-11-06 22:53 ` Patrick Mochel
2001-11-06 22:52 ` Erik Andersen
2001-11-06 22:46 ` Ben Greear
2001-11-06 22:50 ` Jan-Benedict Glaw
2001-11-07 0:17 ` Martin Dalecki
2001-11-06 22:53 ` J . A . Magallon
2001-11-05 16:49 ` [PATCH] 2.5 PROPOSAL: Replacement for current /proc of shit Jonathan Lundell
2001-11-05 20:46 ` Tim Jansen
2001-11-05 23:04 ` Greg KH
2001-11-05 22:19 ` Tim Jansen
2001-11-05 0:12 ` Rusty Russell
2001-11-05 3:34 ` Daniel Phillips
2001-11-05 22:48 ` Rusty Russell
2001-11-06 10:25 ` Daniel Phillips
2001-11-06 15:46 ` Theodore Tso
2001-11-07 23:35 ` Rusty Russell
[not found] <Pine.LNX.4.33.0111041141100.14150-100000@penguin.transmeta.com>
2001-11-04 19:53 ` PROPOSAL: dot-proc interface [was: /proc stuff] Daniel Phillips
2001-11-04 23:06 Craig Thrall
2001-11-04 23:39 ` Jakob Østergaard
[not found] <20011104214229Z17052-23341+37@humbolt.nl.linux.org>
2001-11-04 23:42 ` Alexander Viro
2001-11-05 0:10 ` Daniel Phillips
2002-01-24 17:42 RFC: booleans and the kernel Jeff Garzik
2002-01-24 18:22 ` Anton Altaparmakov
2002-01-24 18:33 ` Arnaldo Carvalho de Melo
2002-01-24 19:28 ` H. Peter Anvin
2002-01-24 19:34 ` Arnaldo Carvalho de Melo
2002-01-24 19:43 ` H. Peter Anvin
2002-01-24 19:47 ` Arnaldo Carvalho de Melo
2002-01-24 19:46 ` Ingo Oeser
2002-01-24 19:52 ` Oliver Xymoron
2002-01-24 20:03 ` Jeff Garzik
2002-01-24 20:06 ` Oliver Xymoron
2002-01-24 20:14 ` Jeff Garzik
2002-01-24 20:23 ` Alexander Viro
2002-01-24 20:25 ` Oliver Xymoron
2002-01-24 20:35 ` John Levon
2002-01-24 20:15 ` Alexander Viro
2002-01-24 20:21 ` Richard B. Johnson
2002-01-24 20:39 ` Oliver Xymoron
2002-01-24 21:55 ` Richard B. Johnson
2002-01-24 21:57 ` Jeff Garzik
2002-01-24 22:05 ` H. Peter Anvin
2002-01-24 22:13 ` Robert Love
2002-01-24 22:33 ` Xavier Bestel
2002-01-24 22:53 ` Xavier Bestel
2002-01-24 22:59 ` Robert Love
2002-01-24 23:27 ` Xavier Bestel
2002-01-25 6:13 ` Alexander Viro
2002-01-25 8:00 ` Momchil Velikov
2002-01-25 10:51 ` Xavier Bestel
2002-01-25 16:11 ` Olivier Galibert
2002-01-26 7:22 ` Timothy Covell
2002-01-25 7:48 ` Alexander Viro
2002-01-25 23:49 ` J.A. Magallon
2002-01-27 11:27 ` Kai Henningsen
2002-01-25 23:09 ` Timothy Covell
2002-01-25 1:16 ` John Levon
2002-01-25 22:47 ` Timothy Covell
2002-01-25 21:24 ` Timothy Covell
2002-01-24 21:31 ` Oliver Xymoron
2002-01-24 22:19 ` Robert Love
2002-01-24 22:38 ` Robert Love
2002-01-25 22:44 ` Timothy Covell
2002-01-25 3:52 ` Ragnar Hojland Espinosa
2002-01-25 20:39 ` Calin A. Culianu
2002-01-25 23:07 ` Rick Stevens
2002-01-25 19:02 ` Kai Henningsen
2002-01-27 1:33 ` Timothy Covell
2002-01-26 2:56 ` Jamie Lokier
2002-01-27 11:18 ` Kai Henningsen
2002-01-25 22:30 ` Timothy Covell
2002-01-24 22:36 ` Alexander Viro
2002-01-25 6:36 ` Kai Henningsen
[not found] ` <200201250900.g0P8xoL10082@home.ashavan.org.>
2002-01-29 6:36 ` Nix N. Nix
2002-01-25 21:43 ` Timothy Covell
2002-01-24 21:50 ` Oliver Xymoron
2002-01-24 22:21 ` H. Peter Anvin
2002-01-25 15:07 ` Werner Almesberger
2002-01-25 15:21 ` Jakub Jelinek
2002-01-25 16:45 ` H. Peter Anvin
2002-01-25 11:07 ` Helge Hafting
2002-01-24 22:33 ` Chris Wedgwood
2002-01-24 22:44 ` H. Peter Anvin
2002-01-26 10:22 ` Chris Wedgwood
2002-01-25 2:00 ` Erik Andersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20011106224753.7D45EA3B90@fancypants.trellisinc.com \
--to=dank@trellisinc.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).