Date: Tue, 17 Jan 2012 19:30:33 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Eugene Teo <eugene@...hat.com>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling

On 01/17/2012 07:25 PM, Eugene Teo wrote:
> "Jüri Aedla reported that the /proc/<pid>/mem handling really isn't very
> robust, and it also doesn't match the permission checking of any of the
> other related files.
>
> This changes it to do the permission checks at open time, and instead of
> tracking the process, it tracks the VM at the time of the open.  That
> simplifies the code a lot, but does mean that if you hold the file
> descriptor open over an execve(), you'll continue to read from the _old_ VM.
>
> That is different from our previous behavior, but much simpler.  If
> somebody actually finds a load where this matters, we'll need to revert
> this commit.
>
> I suspect that nobody will ever notice - because the process mapping
> addresses will also have changed as part of the execve.  So you cannot
> actually usefully access the fd across a VM change simply because all
> the offsets for IO would have changed too."
>
> http://git.kernel.org/linus/e268337dfe26dfc7efd422a804dbb27977a3cccc
>
> Thanks, Eugene
Please use CVE-2012-0056 for this issue.

-- 

-- Kurt Seifried / Red Hat Security Response Team
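The commit message quoted above rests on one property of /proc/<pid>/mem: the file offset used for I/O is a virtual address in that process, so once execve() replaces the mappings, the old offsets no longer mean anything. The following program is an added illustration of that property and is not code from the thread or from the kernel commit; it only reads the calling process's own memory back through /proc/self/mem (which needs a mounted /proc) and compares it with a direct read. The marker value and the helper names are constructed for this example.

```c
/* Added example (not from the oss-security thread or the kernel commit):
 * read a variable of the calling process back through /proc/self/mem.
 * The pread() offset is the variable's virtual address, which is exactly
 * why a descriptor held across execve() is not usefully readable: the
 * mappings, and therefore every offset, change with the new image. */
#define _GNU_SOURCE
#define _FILE_OFFSET_BITS 64
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* Read `len` bytes at virtual address `addr` of this process via
 * /proc/self/mem. Returns 0 on success, -1 on any failure (no /proc,
 * permission denied, short read). Reading our own memory passes the
 * same access check a debugger attached to us would have to pass. */
int read_self_mem(const void *addr, void *out, size_t len)
{
    int fd = open("/proc/self/mem", O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, out, len, (off_t)(uintptr_t)addr);
    close(fd);
    return (n == (ssize_t)len) ? 0 : -1;
}

/* Constructed check: a marker value read through /proc/self/mem must equal
 * the value read directly. Returns 1 when they match, 0 otherwise. */
int self_mem_roundtrip(void)
{
    static volatile uint32_t marker = 0x5eed1234u;
    uint32_t copy = 0;
    if (read_self_mem((const void *)&marker, &copy, sizeof copy) != 0)
        return 0;
    return copy == marker;
}

int main(void)
{
    printf("/proc/self/mem round trip at %p: %s\n",
           (void *)&self_mem_roundtrip,
           self_mem_roundtrip() ? "ok" : "failed");
    return 0;
}
```

Running it prints "ok" on a Linux system with /proc mounted; the same offset handed to the file after an execve() would point into whatever the new image happened to map there, or into nothing at all, which is the point the commit message makes about the old-VM behaviour being harmless in practice.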
