This article is reproduced by the author. For commercial reprints, please contact the author for authorization; for non-commercial reprints, please indicate the source.

Author: Song Baohua

Source: WeChat official account Linux Reading Code Field (ID: Linuxdev)

Principle

Here is a quick video: what happens if the kernel accesses user-space memory without calling access_ok?

https://v.qq.com/x/page/i1342goaqn3.html

Next, let's look at this in depth.

Case

For example, the following commit in the kernel introduced a serious security vulnerability (CVE-2017-5123):

Impact

An example of an attack is as follows:

http://www.freebuf.com/vuls/152412.html

Analysis and Exploitation of the Linux Kernel waitid System Call Local Privilege Escalation Vulnerability (CVE-2017-5123)

Fix

The following kernel commit fixes this:

Obviously, it just adds a call to access_ok.
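The effect of that one missing check can be seen in a small user-space model. This is an added example, not the kernel's code or either commit: the address constants, the two backing arrays and every function name (`model_access_ok`, `model_unsafe_put`, `copyout_unchecked`, `copyout_checked`) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of an address space: not real kernel code or addresses. */
#define USER_LIMIT 0x0000800000000000ULL   /* assumed user/kernel split */
#define USER_BASE  0x0000000000001000ULL   /* where user_mem is "mapped" */
#define KERN_BASE  0xffff800000000000ULL   /* where kern_mem is "mapped" */
static int32_t user_mem[8], kern_mem[8];

/* Overflow-safe range check in the spirit of access_ok(): the whole
 * range [addr, addr + size) must lie below the user limit. */
static bool model_access_ok(uint64_t addr, uint64_t size)
{
    return size <= USER_LIMIT && addr <= USER_LIMIT - size;
}

/* Stand-in for an unchecked store: writes wherever the address points. */
static int model_unsafe_put(uint64_t addr, int32_t val)
{
    if (addr >= KERN_BASE && addr - KERN_BASE < sizeof(kern_mem))
        kern_mem[(addr - KERN_BASE) / 4] = val;
    else if (addr >= USER_BASE && addr - USER_BASE < sizeof(user_mem))
        user_mem[(addr - USER_BASE) / 4] = val;
    else
        return -14;                        /* -EFAULT: unmapped in this model */
    return 0;
}

/* "Before" pattern: copy-out that trusts the caller-supplied pointer. */
static int copyout_unchecked(uint64_t infop, int32_t signo, int32_t pid)
{
    if (model_unsafe_put(infop, signo)) return -14;
    return model_unsafe_put(infop + 4, pid);
}

/* "After" pattern: the same copy-out with the range check added first. */
static int copyout_checked(uint64_t infop, int32_t signo, int32_t pid)
{
    if (!model_access_ok(infop, 8)) return -14;   /* -EFAULT */
    return copyout_unchecked(infop, signo, pid);
}

int main(void)
{
    int r1 = copyout_unchecked(KERN_BASE, 17, 1234);
    int r2 = copyout_checked(KERN_BASE + 8, 17, 1234);
    printf("unchecked=%d kern_mem[0]=%d checked=%d kern_mem[2]=%d\n", r1, (int)kern_mem[0], r2, (int)kern_mem[2]);
    return 0;
}
```

The unchecked path reports success and modifies the modelled kernel region; the checked path returns -EFAULT and leaves it untouched.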
