On Sat, 19 Jan 2013 17:34:15 +0100, Grzegorz Dwornicki said:

> I could write these macro defs too but my real problem is: what does this
> stuff do? Some functions use this macro and others do not. For example
> compat_do_execve (from include/linux/comtap.h) uses a normal pointer named
> filename and a second pointer named argv as a __user pointer. Why does argv
> need __user but filename not?

Hint:  Look to see what memory the actual argv[] lives in, and then see what
memory the filename lives in.  In general, syscalls like to make a *copy*
of parameters that need security validation, and then validate and use
the copy.  This is to prevent a "time-of-check-time-of-use" (TOCTOU) security
issue - otherwise, it would be possible for some nefarious person to issue
a syscall pointing at a filename in shared memory, wait till just after the
security check was done, and then replace the filename with something else
more dastardly (it's a variant on the concept of symlink races).  So that
'filename' probably lives in a kmalloc buffer someplace.  The argv[] however
is actually in a user page.

That help?


_______________________________________________
Kernelnewbies mailing list
http://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies
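
The copy-then-validate pattern described in the reply above, as an added userspace illustration that is not part of the original message and is not kernel code. The `/tmp/` policy, the function names, and `racing_writer()` (which stands in for a second thread rewriting shared memory) are hypothetical; the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define NAME_LEN 64

/* Constructed stand-in for a user page; other threads may rewrite it. */
static char user_page[NAME_LEN];

/* Hypothetical policy for the demo: only paths under /tmp/ pass. */
static int path_allowed(const char *p) { return strncmp(p, "/tmp/", 5) == 0; }

/* Simulates a second thread writing to the shared page at the worst moment. */
static void racing_writer(void) { strcpy(user_page, "/private/data"); }

/* Double fetch: checks user memory, then reads it again to use it. */
static int use_in_place(const char *uptr, char *used, size_t n)
{
    if (!path_allowed(uptr))            /* fetch 1: the check */
        return -1;
    racing_writer();                    /* window between check and use */
    snprintf(used, n, "%s", uptr);      /* fetch 2: sees the new contents */
    return 0;
}

/* Copy once, then check and use only the private copy. */
static int use_copy(const char *uptr, char *used, size_t n)
{
    char kbuf[NAME_LEN];                /* stands in for a kernel buffer */
    snprintf(kbuf, sizeof(kbuf), "%s", uptr); /* kernel: strncpy_from_user() */
    if (!path_allowed(kbuf))
        return -1;
    racing_writer();                    /* too late: kbuf is unaffected */
    snprintf(used, n, "%s", kbuf);
    return 0;
}

/* Returns 1 if the path finally used still satisfies the policy. */
int final_path_allowed(int copy_first)
{
    char used[NAME_LEN] = "";
    strcpy(user_page, "/tmp/report.txt");   /* constructed input */
    int rc = copy_first ? use_copy(user_page, used, sizeof(used))
                        : use_in_place(user_page, used, sizeof(used));
    return rc == 0 && path_allowed(used);
}

int main(void)
{
    printf("in place: %d, copy first: %d\n",
           final_path_allowed(0), final_path_allowed(1));
    return 0;
}
```

Both variants pass the check, but only the copy-first variant ends up using the path that was actually checked.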
