Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 15 Feb 2010 14:05:26 +0800
From: Eugene Teo <>
CC: "Steven M. Christey" <>
Subject: Re: CVE request - kernel: race in ptrace

On 02/10/2010 09:02 PM, Eugene Teo wrote:
> On 02/09/2010 02:34 PM, Eugene Teo wrote:
>> Discovered by Tavis Ormandy. "The race involves interaction between a
>> tracer, a tracee and an antagonist. The tracer is tracing the tracee
>> with PTRACE_SYSCALL and waits on the tracee. In the mean time, an
>> antagonist blasts the tracee with SIGCONTs.
>> The observed issue is that sometimes when the tracer attempts to
>> continue the tracee with PTRACE_SYSCALL, it gets a return value of
>> -ESRCH, indicating that the tracee is already running (or not being
>> traced). It turns out that a SIGCONT wakes up the tracee in kernel mode,
>> and for a moment the tracee's state is TASK_RUNNING then in ptrace_stop
>> we hit the condition where the tracee is found to be running (and thus
>> not traced). If the syscall is repeated, the
>> second time it usually succeeds (because by that time, the tracee has
>> been put into TASK_TRACED)."
> Hold on with assigning a CVE name for this. We are still investigating
> this issue.

False alarm ;)

Thanks, Eugene
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.