Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4CE9FADF.70905@redhat.com>
Date: Mon, 22 Nov 2010 13:08:47 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: missing tty ops write function presence check
 in hci_uart_tty_open()

hci_uart_tty_open() is missing check that tty has a write op (a few 
don't), and you should check this at open and refuse if the ops you need 
don't exist, eg as SLIP does:

static int slip_open(struct tty_struct *tty)
{
         struct slip *sl;
         int err;

         if (!capable(CAP_NET_ADMIN))
                 return -EPERM;

         if (tty->ops->write == NULL)
                 return -EOPNOTSUPP;

https://bugzilla.redhat.com/show_bug.cgi?id=641410
http://git.kernel.org/linus/c19483cc5e56ac5e22dd19cf25ba210ab1537773

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.