zedtux
commented
7 years ago Thank you @shawnanastasio for this awesome PR.
Closed shawnanastasio closed 7 years ago
zedtux
commented
7 years ago Thank you @shawnanastasio for this awesome PR.
Previously, the path name was not validated in many functions that accept it as a parameter. Most of the functions then proceded to strcpy() the unvalidated path name directly into rule structs. This is a buffer overflow vulnerability and would potentially allow anybody with the ability to pass a process name to the kernel module to overwrite arbitrary memory owned by the module.