Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 30 Jun 2018 09:25:08 +0300
From: Georgi Guninski <guninski@...inski.com>
To: oss-security@...ts.openwall.com
Subject: BUG_ON() on mips linux kernels 4.17.2 and earlier (old but alive)


 From
https://j.ludost.net/blog/archives/2018/06/30/bug_on_on_mips_kernels_4_17_2_and_earlier_old_but_alive/index.html

This is old but alive.

On mips linux kernel 4.17.2 and earlier unprivileged user can trigger
BUG_ON() possibly causing denial of service on the whole machine.

Suggested patches from 2013 are in the thread at:
https://www.spinics.net/lists/mips/msg73398.html


in 4.17.2 ./kernel/exit.c

do_group_exit(int exit_code)
{
	struct signal_struct *sig = current->signal;

	BUG_ON(exit_code & 0x80);

|do_group_exit| is called from

./kernel/signal.c:2482:		do_group_exit(ksig->info.si_signo);

Appears to me si_signo can be 0x80 (in decimal 128) because of:

arch/mips/include/uapi/asm/signal.h:15:#define _NSIG		128

Probably testcase will be:
$kill -128 `pidof program`

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ