Just from a quick scan:
1) No down() is done on the core file's inode semaphore for the
write operations. I suppose a nice racey exploit could be used
which involved opening a core file while the kernel was still
writing to it and doing "stuff".
2) If write or seek fail in various places here, it just returns zero
and leaves us in KERNEL_DS, this is really bad. These kinds of
errors are why I hate macros which "return", it's asking for a bug.
I'm not saying either is the cause of the crash here, but ELF core
dumping needs some serious code review....
Later,
David S. Miller
davem@dm.cobaltmicro.com
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/