Date: Tue, 11 Aug 2009 11:17:12 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org>, Kees Cook <kees@...ntu.com> Subject: CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading Steve Beattie and Kees Cook noticed that the /proc/$pid/maps and smaps files are readable during ELF loading for processes that a user should not normally be able to see (for example, when launching a setuid process). I have assigned this with CVE-2009-2691. Upstream commits: http://git.kernel.org/linus/13f0feafa6b8aead57a2a328e2fca6a5828bf286 http://git.kernel.org/linus/00f89d218523b9bf6b522349c039d5ac80aa536d http://git.kernel.org/linus/704b836cbf19e885f8366bccb2e4b0474346c02d References: http://lkml.org/lkml/2009/6/23/652 http://lkml.org/lkml/2009/6/23/653 http://marc.info/?l=linux-kernel&m=124718946021193 http://marc.info/?l=linux-kernel&m=124718949821250 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-2691 Thanks, Eugene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.