home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.os.linux
- Path: sparky!uunet!paladin.american.edu!gatech!emory!sol.ctr.columbia.edu!The-Star.honeywell.com!umn.edu!noc.msc.net!news.stolaf.edu!news.stolaf.edu!johnsonm
- From: johnsonm@amcl6.StOlaf.edu (Michael K Johnson)
- Subject: Re: PATCH: procps - avoid buffer overruns
- In-Reply-To: jaggy@purplet.demon.co.uk's message of Sun, 10 Jan 1993 13:19:00 +0000
- Message-ID: <JOHNSONM.93Jan11113310@amcl6.StOlaf.edu>
- Lines: 22
- Sender: news@news.stolaf.edu
- Reply-To: johnsonm@stolaf.edu
- Organization: St. Olaf College, Northfield, MN USA
- References: <33.2B50D630@purplet.demon.co.uk>
- Date: Mon, 11 Jan 1993 17:33:12 GMT
- Lines: 22
-
-
- In article <33.2B50D630@purplet.demon.co.uk> jaggy@purplet.demon.co.uk (Mike Jagdis) writes:
-
- Incidentally, I seem to remember that you said the problem wouldn't exist
- in the new version because the buffer used was the same size as a kernel
- page. Can you guarantee that the maximum length of the argument line will
- always be limited like this? Surely it would be better to limit the length
- of the copy to the size of buffer we are copying to? What? Me? Trust? Nah...
-
- Yes, I can *guarantee* that the line will never be longer than 4096
- bytes. Here's why: In the kernel, you can never grab more than 4096
- contiguous bytes, and this is one using either kmalloc or (if you
- don't want the overhead and do want 4096 bytes) directly with
- get_free_page(). In the proc filesystem, get_free_page() is used to
- get 1 page to store everthing for that one file in, so the file cannot
- exceed 4096 bytes in length.
-
- That said, my next version of procps will be a little safer in that
- area, but I'll do it a different way, I think...
-
- michaelkjohnson
-
-
