On Mon, 28 Aug 2000, Linus Torvalds wrote:

> > b) we are using the same thing in do_signal() on all architectures.
> Yes, this could be cleaned up.

Umm... That too, but I mean unprotected access to ->p_pptr.

> > c) generating ELF coredumps and exec.c::must_not_trace_exec() are
> > vulnerable too.
> Basically anything that uses p_pptr, I think. Which is not that much.

Nah... About half of these places are under the tasklist_lock.

> > d) Where do we initialize ->p_pptr if test in the beginning of
> > do_fork() fails?
> Look at the line that says "*p = *current", and grok it.

<self-LART> Ouch. </self-LART>
I need more coffee. Sorry.

> Anyway, what I really wanted to know was whether I was overlooking
> something or not. You seem to agree that it looks like a real bug.

It does.

