Hi folks, I have made another RSBAC fixation patch for the RSBAC 3.8 kernel
http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-3.8.y.git;a=summary
and with PaX 3.8.13
http://grsecurity.net/test/pax-linux-3.8.13-test24.patch
I'm not sure whether the part that touches the namei.c file is correct:
#ifdef CONFIG_RSBAC_SYM_REDIR
rsbac_name = rsbac_symlink_redirect(dentry-
>d_inode, link, buflen);
if (rsbac_name) {
len = strlen(rsbac_name);
if (copy_to_user(buffer, rsbac_name, len))
len = -EFAULT;
kfree(rsbac_name);
}
else
#endif
if (len < sizeof(tmpbuf)) {
memcpy(tmpbuf, link, len);
newlink = tmpbuf;
} else
newlink = link;
if (copy_to_user(buffer, newlink, len))
len = -EFAULT;
out:
return len;
}
/*
PaX tries to make this modification to the RSBAC git code:
--- fs/namei.c 2013-03-19 01:53:21.091281869 +0100
+++ fs/namei.c 2013-03-19 01:53:31.251281326 +0100
@@ -3954,7 +3956,14 @@
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
- if (copy_to_user(buffer, link, len))
+
+ if (len < sizeof(tmpbuf)) {
+ memcpy(tmpbuf, link, len);
+ newlink = tmpbuf;
+ } else
+ newlink = link;
+
+ if (copy_to_user(buffer, newlink, len))
len = -EFAULT;
out:
return len;
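Review bot: The `copy_to_user(buffer, newlink, len)` that this hunk adds is reached on every path in the merged code quoted above it, because the `else` in front of `#endif` governs only the `if (len < sizeof(tmpbuf)) … else newlink = link;` statement. After a successful RSBAC redirect the function would therefore copy a second time from `newlink`, which that path never assigns (its declaration is outside the hunk, so an initialiser cannot be ruled out), risking a kernel oops or a leak of unrelated kernel memory to user space. Enclose the bounce-buffer selection and the second copy together in one braced block following that `else`, so they run only when `rsbac_name` is NULL or the option is disabled. The redirect branch also sets `len = strlen(rsbac_name)` without repeating the clamp; unless rsbac_symlink_redirect() guarantees a result no longer than `buflen`, add `if (len > (unsigned) buflen) len = buflen;` before its copy_to_user(). The same hunk appears a second time further down the page and this note applies there as well; the enclosing function begins outside the hunk.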
In the fixation patch, if CONFIG_RSBAC_SYM_REDIR is defined, the test is:
if (copy_to_user(buffer, rsbac_name, len))
len = -EFAULT;
If you don't think this is correct, any feedback is highly appreciated.
http://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-3.8.y.git;a=summary
and with PaX 3.8.13
http://grsecurity.net/test/pax-linux-3.8.13-test24.patch
I'm not sure whether the part that touches the namei.c file is correct:
#ifdef CONFIG_RSBAC_SYM_REDIR
rsbac_name = rsbac_symlink_redirect(dentry-
>d_inode, link, buflen);
if (rsbac_name) {
len = strlen(rsbac_name);
if (copy_to_user(buffer, rsbac_name, len))
len = -EFAULT;
kfree(rsbac_name);
}
else
#endif
if (len < sizeof(tmpbuf)) {
memcpy(tmpbuf, link, len);
newlink = tmpbuf;
} else
newlink = link;
if (copy_to_user(buffer, newlink, len))
len = -EFAULT;
out:
return len;
}
/*
PaX tries to make this modification to the RSBAC git code:
--- fs/namei.c 2013-03-19 01:53:21.091281869 +0100
+++ fs/namei.c 2013-03-19 01:53:31.251281326 +0100
@@ -3954,7 +3956,14 @@
len = strlen(link);
if (len > (unsigned) buflen)
len = buflen;
- if (copy_to_user(buffer, link, len))
+
+ if (len < sizeof(tmpbuf)) {
+ memcpy(tmpbuf, link, len);
+ newlink = tmpbuf;
+ } else
+ newlink = link;
+
+ if (copy_to_user(buffer, newlink, len))
len = -EFAULT;
out:
return len;
In the fixation patch, if CONFIG_RSBAC_SYM_REDIR is defined, the test is:
if (copy_to_user(buffer, rsbac_name, len))
len = -EFAULT;
If you don't think this is correct, any feedback is highly appreciated.