0c4bafa8fe
1. Use unsigned rather than signed lengths 2. Bound messages to/from Venus to VC_MAXMSGSIZE 3. Bound messages to/from general user processes to VC_MAXDATASIZE 4. Update comment regarding data limits for pioctl Without (1) and (3), it may be possible for unprivileged user processes to read sensitive portions of kernel memory. This issue is only present if the Coda kernel module is loaded and venus (the userspace Coda daemon) is running and has /coda mounted. As Coda is considered experimental and production use is warned against in the coda(4) man page, and because Coda must be explicitly configured for a configuration to be vulnerable, we won't be issuing a security advisory. However, if you are using Coda, then you are advised to apply these fixes. Reported by: Dan J. Rosenberg <drosenberg at vsecurity.com> Obtained from: NetBSD (Christos Zoulas) Security: Kernel memory disclosure; no advisory as feature experimental MFC after: 3 days |
||
---|---|---|
.. | ||
cd9660 | ||
coda | ||
deadfs | ||
devfs | ||
ext2fs | ||
fdescfs | ||
fifofs | ||
hpfs | ||
msdosfs | ||
nfs | ||
nfsclient | ||
nfsserver | ||
ntfs | ||
nullfs | ||
nwfs | ||
portalfs | ||
procfs | ||
pseudofs | ||
smbfs | ||
tmpfs | ||
udf | ||
unionfs |