* Dave Jones (davej@codemonkey.org.uk) wrote:
quoted text
> We had a user file a bug report recently that sys_capget is overflowing
> a user buffer.
> 
> More details and test program are available at
> https://bugzilla.redhat.com/show_bug.cgi?id=447518
> 
> The only recent change in this area was e338d263a76af78fe8f38a72131188b58fceb591
> "Add 64-bit capability support to the kernel".

Yes, this thing is broken.

Trouble is, it's expecting an array of 2, and getting an array of 1.

The userspace fix is to do this (note, this does not fix the fact that
the ABI is broken, it's so opaque that it's difficult to follow).

cap_user_data_t data=malloc(sizeof(*data)*_LINUX_CAPABILITY_U32S);

Bojan, is there a capset involved as well, because that will pull in
garbage and set caps accordingly?
--
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/