/* args points to a PAGE_SIZE buffer, AppArmor requires that
* the buffer must be null terminated or have size <= PAGE_SIZE -1
* so that AppArmor can null terminate them
*/
you just have to expect exploits.
This is a problem that comes up repeatedly in the Linux kernel. When some kernel call accepts or returns variable-length data, the details are handled locally, not in some general-purpose functions for moving variable-sized data in and out of the kernel safely. That's likely to lead to some checks not being made.
Heartbleed isn't a buffer overflow in the classic sense (you're not writing more to a buffer than it expects to receive), it's just that you could set read buffer sizes that you shouldn't have been able to in a sane world. In that sense it wasn't even a "bug" (the software was doing exactly what the programmer intended), just a badly-specified protocol to begin with.
But from a technical perspective most of them are much of a muchness - I'm more interested in the first time "things" were written up, such as "Smashing The Stack For Fun And Profit":
Or the first time that Format string attacks were documented - a whole class of vulnerabilities sprang up overnight (my memory is that wu-ftp was the original target there).
10 comments
[ 3.2 ms ] story [ 41.8 ms ] threadThis is a problem that comes up repeatedly in the Linux kernel. When some kernel call accepts or returns variable-length data, the details are handled locally, not in some general-purpose functions for moving variable-sized data in and out of the kernel safely. That's likely to lead to some checks not being made.
What you seem to want is a general-purpose string implementation for shuffling data around. With a safe append() preferably.
(TL;DR: Ubuntu 16.10 (Yakkety Yak) is listed as "needs triage", no other releases are affected (14.04/16.04/etc))
The "needs triage" you're seeing for Ubuntu 16.10 is for the "linux-goldfish" and "linux-flo" kernel packages for specific android devices.
https://en.wikipedia.org/wiki/Morris_worm
After that you could see something like SQL Slammer as having a significant impact:
https://en.wikipedia.org/wiki/SQL_Slammer
But from a technical perspective most of them are much of a muchness - I'm more interested in the first time "things" were written up, such as "Smashing The Stack For Fun And Profit":
http://insecure.org/stf/smashstack.html
Or the first time that Format string attacks were documented - a whole class of vulnerabilities sprang up overnight (my memory is that wu-ftp was the original target there).
http://www.drdobbs.com/when-format-strings-attack/184405774
In 1988!