[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-video
Subject:    [video4linux] Re: bttv security and stability problems
From:       Richard Guenther <zxmpm11 () student ! uni-tuebingen ! de>
Date:       1998-08-10 11:43:47
[Download RAW message or body]

On Mon, 10 Aug 1998, Alan Cox wrote:

> > (abstract: rvfree at bttv_close() time is not a good idea,
> > bt848_set_risc_jmps(btv) in bttv_close() does not prevent the
> > grabber from grabbing into the rvfree'ed memory)
> 
> Ah.. oops
> 
> > security: one can close /dev/videox and have still mappings
> > of the buffers. But as close deallocates them, the user can
> > now read (and write) to pages used probably by other processes
> > or the kernel. A program could open, mmap, close many times
> 
> No. In 2.1.x the final close should go to the device driver on the final unmap
> if you close then unmap

Apart from that I dont understand what you are saying here...
I tested it with 2.1.115 (but with the bttv driver from xawtv-2.19,
is there a difference?) only - why does the memory change after
the close but before the munmap??? I really dont know what happens
then.

Richard.

--
Richard Guenther <richard.guenther@student.uni-tuebingen.de>
PGP: 2E829319 - 2F 83 FC 93 E9 E4 19 E2 93 7A 32 42 45 37 23 57
WWW: http://www.anatom.uni-tuebingen.de/~richi/

------------
To unsubscribe from this list send mail to majordomo@phunk.org with the
line "unsubscribe video4linux" without the quotes in the body of the
message.

[prev in list] [next in list] [prev in thread] [next in thread]