Date: Mon, 2 Mar 2009 14:44:05 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
Subject: CVE request: kernel: x86-64: seccomp: 32/64 syscall hole

On x86-64, a 32-bit process (TIF_IA32) can switch to 64-bit mode with ljmp, and then use the "syscall" instruction to make a 64-bit system call. A 64-bit process can make a 32-bit system call with int $0x80.

In both these cases under CONFIG_SECCOMP=y, secure_computing() will use the wrong system call number table. The fix is simple: test TS_COMPAT instead of TIF_IA32.

Credit: Chris Evans.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=487255
http://scary.beasts.org/security/CESA-2009-001.html
http://scary.beasts.org/security/CESA-2009-004.html
http://lkml.org/lkml/2009/2/27/451 summary
http://lkml.org/lkml/2009/2/27/452 syscall-audit
http://lkml.org/lkml/2009/2/27/453 seccomp
http://lkml.org/lkml/2009/2/28/23 seccomp follow-ups
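
Added example, not part of the original message and not kernel code: a user-space C model of the table selection described above, showing why the allow-list has to be chosen from per-syscall state (TS_COMPAT) rather than the per-task flag (TIF_IA32). The struct, table and function names are hypothetical; the numbers are the i386 and x86-64 syscall numbers for read, write, exit and sigreturn.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model of the check; names here are hypothetical. */
struct task_model {
    bool tif_ia32;  /* per-task flag: the process is a 32-bit task */
    bool ts_compat; /* per-syscall status: entered via the 32-bit path */
};

/* Strict-mode allow-list: read, write, exit, sigreturn. */
static const int mode1_64[4] = { 0, 1, 60, 15 };   /* x86-64 numbers */
static const int mode1_32[4] = { 3, 4, 1, 119 };   /* i386 numbers */

static bool in_table(const int *tbl, int nr)
{
    for (int i = 0; i < 4; i++)
        if (tbl[i] == nr)
            return true;
    return false;
}

/* Before the fix: table picked from the per-task flag. */
bool allows_before(const struct task_model *t, int nr)
{
    return in_table(t->tif_ia32 ? mode1_32 : mode1_64, nr);
}

/* After the fix: table picked from how this syscall was entered. */
bool allows_after(const struct task_model *t, int nr)
{
    return in_table(t->ts_compat ? mode1_32 : mode1_64, nr);
}

int main(void)
{
    /* Constructed cases: the two mismatches named in the message. */
    struct task_model ia32_in_64 = { true, false };  /* ljmp + syscall */
    struct task_model x64_int80  = { false, true };  /* int $0x80 */

    /* 3 is read on i386 but close on x86-64. */
    printf("32-bit task, 64-bit entry, nr 3: before=%d after=%d\n",
           allows_before(&ia32_in_64, 3), allows_after(&ia32_in_64, 3));
    /* 60 is exit on x86-64 but umask on i386. */
    printf("64-bit task, int 0x80, nr 60: before=%d after=%d\n",
           allows_before(&x64_int80, 60), allows_after(&x64_int80, 60));
    return 0;
}
```

When the task flag and the entry path agree, both versions of the check return the same answer; they differ only in the two mixed cases.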