Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 29 Jan 2021 12:30:01 -0500
From: "David A. Wheeler" <dwheeler@...eeler.com>
To: oss-security@...ts.openwall.com
Subject: Re: Linux Kernel: local priv escalation via futexes



> On Jan 29, 2021, at 12:01 PM, Marcus Meissner <meissner@...e.de> wrote:
> Mitre has now assigned CVE-2021-3347.
> 
> On Fri, Jan 29, 2021 at 05:42:08PM +0100, Solar Designer wrote:
>> Hi,
>> 
>> I'm not familiar with futexes, but just to save others a few minutes on
>> looking this up:
> 
> (Is anyone? Futex are too complex for me at least, I would guess also 
> using them is error prone.)

Here’s some helpful context. "A futex overview and update” (2009) at https://lwn.net/Articles/360699/
"The futex mechanism... is a fast, lightweight kernel-assisted locking primitive for user-space applications. It provides for very fast uncontended lock acquisition and release. The futex state is stored in a user-space variable (an unsigned 32-bit integer on all platforms). Atomic operations are used in order to change the state of the futex in the uncontended case without the overhead of a syscall. In the contended cases, the kernel is invoked to put tasks to sleep and wake them up. Futexes are the basis of several mutual exclusion constructs commonly used in threaded programming."

More recently: "Rethinking the futex API” (2020): https://lwn.net/Articles/823513/
"The current effort to rework futexes appears to be driven by a couple of concerns. One that goes mostly unstated is the desire to create a system-call interface that makes a bit more sense than futex(), which is a complex, multiplexed API with wildly varying arguments and a number of special cases.”

--- David A. Wheeler

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.