
Re: get_ds() ??



Yes. The address of "filename" is still in the kernel space.

Using lines 1 and 3 can bypass the address checking in many kernel functions
which were originally designed for dealing with user space data.

See http://www.linux.it/~rubini/docs/ksys/ksys.html for a detailed
description.

zhen


----- Original Message ----- 
From: amith nambiar
To: kernelnewbies@nl.linux.org
Sent: Monday, September 01, 2003 12:11 AM
Subject: get_ds() ??


Hi all,
I was reading the (nearly) Complete Linux Loadable Kernel Modules guide
by Pragmatic / THC, Version 1.0, and found the following.
I could understand from the article that whenever system calls are made, the
arguments must be in user space. Now filename is declared in kernel space
inside my modules as:
char filename[]="/home/amisim/logger.txt";
Extract from the article:
#################################################################
-> filename is in our kernel space; a string we just created, for example
unsigned long old_fs_value=get_fs();
1. set_fs(get_ds());       /* after this we can access the user space data */
2. open(filename, O_CREAT|O_RDWR|O_EXCL, 0640);
3. set_fs(old_fs_value);   /* restore fs... */
#################################################################
Now filename is in our kernel space, but after a call to set_fs(get_ds()) the
system call works and returns with a fd > 0. How is this working?
I had tried the code without lines 1 and 3 (for testing purposes) but
it never worked.
My doubts:
1. "filename" is still in kernel space, right?
2. What happened in lines 1 and 3?
It would be great if someone could throw more light on this. I'm confused
:-(.
Thanks for your time.
regards,
Amith.



--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
FAQ:           http://kernelnewbies.org/faq/
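
Added example, not part of the original thread or of the article it quotes: a user-space C model of the address-limit check discussed above, showing why the call fails without lines 1 and 3 and succeeds with them. The model_* names, the 3 GiB limit constant and the sample addresses are assumptions made for illustration; the real kernel keeps the limit per task.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a 32-bit layout: user space lies below 3 GiB. */
#define MODEL_USER_DS   0xC0000000u   /* limit for ordinary user pointers */
#define MODEL_KERNEL_DS 0xFFFFFFFFu   /* limit that admits every address */

static uint32_t addr_limit = MODEL_USER_DS;   /* assumption: one task only */

static uint32_t model_get_fs(void) { return addr_limit; }
static uint32_t model_get_ds(void) { return MODEL_KERNEL_DS; }
static void model_set_fs(uint32_t limit) { addr_limit = limit; }

/* Range check applied before a "user" pointer is dereferenced. */
static int model_access_ok(uint32_t addr, uint32_t size)
{
    return size <= addr_limit && addr <= addr_limit - size;
}

/* Stand-in for a syscall that copies its filename argument from user space. */
static int model_open(uint32_t filename_addr, uint32_t len)
{
    if (!model_access_ok(filename_addr, len))
        return -EFAULT;      /* pointer lies above the current limit */
    return 3;                /* constructed file descriptor */
}

/* Lines 1-3 of the quoted extract: widen the limit, call, restore. */
static int open_from_kernel(uint32_t filename_addr, uint32_t len)
{
    uint32_t old_fs = model_get_fs();
    model_set_fs(model_get_ds());
    int fd = model_open(filename_addr, len);
    model_set_fs(old_fs);    /* skipping this leaves the check disabled */
    return fd;
}

int main(void)
{
    uint32_t kaddr = 0xC8001000u;   /* constructed kernel-space address */
    printf("without set_fs: %d\n", model_open(kaddr, 24));
    printf("with set_fs:    %d\n", open_from_kernel(kaddr, 24));
    printf("limit restored: %d\n", model_get_fs() == MODEL_USER_DS);
    return 0;
}
```

The restore in line 3 matters as much as line 1: while the limit is raised, the check accepts any pointer, including one supplied by an untrusted caller. Mainline Linux later removed set_fs() for that reason.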