[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-video
Subject: [video4linux] Re: bttv security and stability problems
From: Richard Guenther <zxmpm11 () student ! uni-tuebingen ! de>
Date: 1998-08-10 11:43:47
[Download RAW message or body]
On Mon, 10 Aug 1998, Alan Cox wrote:
> > (abstract: rvfree at bttv_close() time is not a good idea,
> > bt848_set_risc_jmps(btv) in bttv_close() does not prevent the
> > grabber from grabbing into the rvfree'ed memory)
>
> Ah.. oops
>
> > security: one can close /dev/videox and have still mappings
> > of the buffers. But as close deallocates them, the user can
> > now read (and write) to pages used probably by other processes
> > or the kernel. A program could open, mmap, close many times
>
> No. In 2.1.x the final close should go to the device driver on the final unmap
> if you close then unmap
Apart from that I dont understand what you are saying here...
I tested it with 2.1.115 (but with the bttv driver from xawtv-2.19,
is there a difference?) only - why does the memory change after
the close but before the munmap??? I really dont know what happens
then.
Richard.
--
Richard Guenther <richard.guenther@student.uni-tuebingen.de>
PGP: 2E829319 - 2F 83 FC 93 E9 E4 19 E2 93 7A 32 42 45 37 23 57
WWW: http://www.anatom.uni-tuebingen.de/~richi/
------------
To unsubscribe from this list send mail to majordomo@phunk.org with the
line "unsubscribe video4linux" without the quotes in the body of the
message.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic