>>On Sun, 17 Nov 2019 20:38:59 +0100, Alexander Bluhm wrote:
>>
>>> I think the best way to handle it is to make the kernel strict and
>>> fix userland. If the kernel would allow the sloppiest userland
>>> program to succeed, creating security would be hard.
>>
>>Sorry, I don't agree. We cannot expect userland to fill in a
>>non-standard length field. The kernel ioctl handler should set
>>sa_len appropriately instead.
>
>I think sa_len has written extensively on this before, that sa_len is
         ^^^^^^ -- guenther
>only an output value from the kernel.
>
>Userland is not expected to initialize the variable, except I think
>for something related to AF_UNIX.
>
>So I think that added check is incorrect.
>
>