Re: Ho ho ho - Linux v2.6.10

From: Alan Cox
Date: Sun Dec 26 2004 - 11:53:25 EST

Next message: Alan Stern: "Re: [Linux-usb-users] Re: Ho ho ho - Linux v2.6.10 [USB Issues]"
Previous message: Nauman: "TEST MAIL DONT BOTHER TO OPEN"
In reply to: Rafael J. Wysocki: "Re: Ho ho ho - Linux v2.6.10"
Next in thread: Paolo Ciarrocchi: "Re: Ho ho ho - Linux v2.6.10"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sad, 2004-12-25 at 12:19, Alan Cox wrote:
> - It seems the security hole inducing exec_id change was not reverted
> and I've not yet found any other changes that fix the same problem
> (setuid_app >/proc/self/mem) in 2.6.10. It was actually quite nasty as a
> hole because you can seek the fd to the right target address before
> execing. With the other /proc changes did I miss something on this one

Thankfully I missed something as the test app shows

static char foo[5]="GOOD";

int main(int argc, char *argv[])
{
lseek(1, (unsigned long) foo, 0);
if(write(1, "BAD!", 4) != 4)
perror("write");
write(2, foo, 4);
}

Running ./a.out >/proc/self/mem produces the desired write error still
in 2.6.10

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Stern: "Re: [Linux-usb-users] Re: Ho ho ho - Linux v2.6.10 [USB Issues]"
Previous message: Nauman: "TEST MAIL DONT BOTHER TO OPEN"
In reply to: Rafael J. Wysocki: "Re: Ho ho ho - Linux v2.6.10"
Next in thread: Paolo Ciarrocchi: "Re: Ho ho ho - Linux v2.6.10"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]