I agree. You are right. Lin
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Greg KH Sent: Thursday, November 01, 2007 10:52 AM To: Tan, Lin Cc: linux-security-module@vger.kernel.org Subject: Re: Possible missing security checks in usbfs? On Thu, Nov 01, 2007 at 10:42:02AM -0500, Tan, Lin wrote: > Thank you so much for the response. :) > > I think a malicious driver (in kernel space) can still call these > functions to create a device node, which is dangerous. If this is not > possible, then there is no security hole. I don't see how this is possible, do you? Remember, if you have a malicious driver in kernel space, you can do whatever you want to do, no need to try to plod through the symbol table to lookup a static symbol in a kernel module and call that, just create the device node yourself with your own code :) thanks, greg k-h - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html - To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
