[PATCH] landlock: Initialize kernel stack variables properly

Mickaël Salaün mic at digikod.net
Wed Nov 3 12:17:19 UTC 2021


Hi Austin,

On 03/11/2021 08:14, Austin Kim wrote:
> In case kernel stack variables are not initialized properly, there might 
> be a little chance of kernel information disclosure. So it is better for 
> kernel stack variables to be initialized with null characters.
> 
> Signed-off-by: Austin Kim <austindh.kim at gmail.com>
> ---
>  security/landlock/syscalls.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
> index 32396962f04d..50a6f7091428 100644
> --- a/security/landlock/syscalls.c
> +++ b/security/landlock/syscalls.c
> @@ -320,6 +320,8 @@ SYSCALL_DEFINE4(landlock_add_rule,
>  	if (rule_type != LANDLOCK_RULE_PATH_BENEATH)
>  		return -EINVAL;
>  
> +	memset(&path_beneath_attr, 0, sizeof(path_beneath_attr));
> +

This memset is already done with the copy_from_user() call just below.

>  	/* Copies raw user space buffer, only one type for now. */
>  	res = copy_from_user(&path_beneath_attr, rule_attr,
>  			sizeof(path_beneath_attr));
> 



More information about the Linux-security-module-archive mailing list