Date: Wed, 18 Jan 2012 12:39:11 +0800
From: Eugene Teo <eugene@...hat.com>
To: Kurt Seifried <kseifried@...hat.com>
CC: oss-security@...ts.openwall.com, "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling

On 01/18/2012 10:30 AM, Kurt Seifried wrote:
> On 01/17/2012 07:25 PM, Eugene Teo wrote:
>> "Jüri Aedla reported that the /proc/<pid>/mem handling really isn't very
>> robust, and it also doesn't match the permission checking of any of the
>> other related files.
>>
>> This changes it to do the permission checks at open time, and instead of
>> tracking the process, it tracks the VM at the time of the open. That
>> simplifies the code a lot, but does mean that if you hold the file
>> descriptor open over an execve(), you'll continue to read from the _old_ VM.
>>
>> That is different from our previous behavior, but much simpler. If
>> somebody actually finds a load where this matters, we'll need to revert
>> this commit.
>>
>> I suspect that nobody will ever notice - because the process mapping
>> addresses will also have changed as part of the execve. So you cannot
>> actually usefully access the fd across a VM change simply because all
>> the offsets for IO would have changed too."
>>
>> http://git.kernel.org/linus/e268337dfe26dfc7efd422a804dbb27977a3cccc
>>
>> Thanks, Eugene
>
> Please use CVE-2012-0056 for this issue.

Reference: https://bugzilla.redhat.com/CVE-2012-0056

Thanks, Eugene