Security exploit in shmfs?

From: Richard Gooch (rgooch@atnf.csiro.au)
Date: Thu Mar 16 2000 - 03:18:03 EST

Next message: jsun@mvista.com: "run-away __cli() function call in do_rw_disk()?"
Previous message: Michael Gerdts: "2.3.99-pre1 compile problem: sparc mm/filemap.c"
Next in thread: Alan Cox: "Re: Security exploit in shmfs?"
Reply: Alan Cox: "Re: Security exploit in shmfs?"
Reply: Christoph Rohland: "Re: Security exploit in shmfs?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi, all. It looks like there is a potential security hole in the new
shmfs code. In ipc/shm.c:sys_shmat() the root directory is temporarily
changed for a while. A CLONE_FS clone can then come in and take
advantage of this exposure. This needs to be fixed.
This is in 2.3.99-pre2.

Frankly, I'd rather see the old SysV IPC code restored, especially
since we're so close to 2.4. At least it's a known quantity.

Regards,

Richard....
Permanent: rgooch@atnf.csiro.au
Current: rgooch@ras.ucalgary.ca

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: jsun@mvista.com: "run-away __cli() function call in do_rw_disk()?"
Previous message: Michael Gerdts: "2.3.99-pre1 compile problem: sparc mm/filemap.c"
Next in thread: Alan Cox: "Re: Security exploit in shmfs?"
Reply: Alan Cox: "Re: Security exploit in shmfs?"
Reply: Christoph Rohland: "Re: Security exploit in shmfs?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Mar 23 2000 - 21:00:17 EST