Date: Wed, 3 Feb 2010 13:15:36 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE request: kernel OOM/crash in drivers/connector

Please use CVE-2010-0410 for this.

Thanks.

-- 
    JB


----- "Marcus Meissner" <meissner@...e.de> wrote:

> Hi,
> 
> Sebastian Krahmer found a problem in the drivers/connector/connector.c code
> where users could send/allocate arbitrary amounts of NETLINK_CONNECTOR
> messages to the kernel, causing OOM condition, killing selected processes
> or halting the system.
> 
> This is fixed in mainline commit f98bfbd78c37c5946cc53089da32a5f741efdeb7
> by removing the code.
> 
> commit f98bfbd78c37c5946cc53089da32a5f741efdeb7
> Author: Evgeniy Polyakov <zbr@...emap.net>
> Date:   Tue Feb 2 15:58:48 2010 -0800
> 
>     connector: Delete buggy notification code.
> 
>     On Tue, Feb 02, 2010 at 02:57:14PM -0800, Greg KH (gregkh@...e.de) wrote:
>     > > There are at least two ways to fix it: using a big cannon and a small
>     > > one. The former way is to disable notification registration, since it is
>     > > not used by anyone at all. Second way is to check whether calling
>     > > process is root and its destination group is -1 (kind of privileged
>     > > one) before command is dispatched to workqueue.
>     >
>     > Well if no one is using it, removing it makes the most sense, right?
>     >
>     > No objection from me, care to make up a patch either way for this?
> 
>     Getting it is not used, let's drop support for notifications about
>     (un)registered events from connector.
>     Another option was to check credentials on receiving, but we can always
>     restore it without bugs if needed, but genetlink has a wider code base
>     and none complained, that userspace can not get notification when some
>     other clients were (un)registered.
> 
>     Kudos for Sebastian Krahmer <krahmer@...e.de>, who found a bug in the
>     code.
> 
>     Signed-off-by: Evgeniy Polyakov <zbr@...emap.net>
>     Acked-by: Greg Kroah-Hartman <gregkh@...e.de>
>     Signed-off-by: David S. Miller <davem@...emloft.net>
