How does __user work?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Sat Jan 19 15:41:27 EST 2013


On Sat, 19 Jan 2013 17:34:15 +0100, Grzegorz Dwornicki said:

> I could write these macros defs too but my real problem is: what does this
> stuff do? Some functions use this macro and others do not. For example
> compat_do_execve (from include/linux/comtap.h) uses a normal pointer named
> filename and a second pointer named argv as a __user pointer. Why does argv
> need __user but filename not?

Hint:  Look to see what memory the actual argv[] lives in, and then see what
memory the filename lives in.  In general, syscalls like to make a *copy*
of parameters that need security validation, and then validate and use
the copy.  This is to prevent a "time-of-check-time-of-use" (TOCTOU) security
issue - otherwise, it would be possible for some nefarious person to issue
a syscall pointing at a filename in shared memory, wait till just after the
security check was done, and then replace the filename with something else
more dastardly (it's a variant on the concept of symlink races).  So that
'filename' probably lives in a kmalloc buffer someplace.  The argv[] however
is actually in a user page.

That help?
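
The copy-then-validate pattern described in the reply above, as an added userspace sketch that is not part of the original post or kernel code. The buffer `user_page`, the `/tmp/` policy check, and the `racing_writer` hook (which stands in deterministically for a second thread rewriting shared memory) are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64

/* Constructed stand-in for a user page that another thread can rewrite. */
static char user_page[NAME_LEN];

/* Hypothetical security check: only names under /tmp/ pass. */
static int name_allowed(const char *p) { return strncmp(p, "/tmp/", 5) == 0; }

/* Simulates the other thread winning the race between check and use. */
static void racing_writer(void) { strcpy(user_page, "/etc/secret"); }

/* In-place variant: checks user memory, then reads it again to use it. */
int use_in_place(const char *uptr, void (*race)(void), char *used) {
    if (!name_allowed(uptr)) return -1;   /* time of check */
    if (race) race();                     /* memory changes underneath us */
    strcpy(used, uptr);                   /* time of use: second fetch */
    return 0;
}

/* Copy-first variant: one fetch into a private buffer, then check and use that. */
int use_copy(const char *uptr, void (*race)(void), char *used) {
    char kbuf[NAME_LEN];                  /* stand-in for a kmalloc'd kernel copy */
    const char *end = memchr(uptr, '\0', NAME_LEN);
    if (!end) return -1;                  /* unterminated or too long */
    memcpy(kbuf, uptr, (size_t)(end - uptr) + 1);
    if (!name_allowed(kbuf)) return -1;   /* check the copy */
    if (race) race();                     /* too late: kbuf is out of reach */
    strcpy(used, kbuf);                   /* use the same bytes that were checked */
    return 0;
}

/* Runs one variant against the race; returns 1 if the name used still passes the check. */
int used_name_passes(int (*impl)(const char *, void (*)(void), char *)) {
    char used[NAME_LEN];
    strcpy(user_page, "/tmp/report.txt");
    if (impl(user_page, racing_writer, used) != 0) return -1;
    return name_allowed(used);
}

int main(void) {
    printf("in place:   used name passes check = %d\n", used_name_passes(use_in_place));
    printf("copy first: used name passes check = %d\n", used_name_passes(use_copy));
    return 0;
}
```

Both variants report success to the caller; only the copy-first one ends up using the name that was actually validated.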
More information about the Kernelnewbies mailing list