Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 12 Mar 2010 14:32:49 +0800
From: Eugene Teo <>
Subject: CVE-2010-0729 kernel: ia64: ptrace: peek_or_poke requests miss ptrace_check_attach()

The "ia64: fix deadlock in ia64 sys_ptrace" patch (no reference as it's 
only added in our shipped kernels) moved ptrace_check_attach() from 
find_thread_for_addr() to tasklist-is-not-held area. However it 
introduced other problems.

One of the problems is security-relevant. In certain code path, it is 
possible that ptrace_check_attach() is not called, and the user can do 
ptrace() on any target even without PTRACH_ATTACH.

This only affects Red Hat Enterprise Linux 4.

Thanks, Eugene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.