Re: BK2CVS problem

From: Larry McVoy
Date: Wed Nov 05 2003 - 18:04:54 EST

Next message: Martin J. Bligh: "Re: 2.6.0-test9-mm2"
Previous message: Ronald Lembcke: "PATCH: bugfix für RadeonFB (against 2.4.22-ac4, bug in 2.6.0-test9, too)"
In reply to: Zwane Mwaikambo: "RE: BK2CVS problem"
Next in thread: Tomas Szepe: "Re: BK2CVS problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Nov 05, 2003 at 04:48:09PM -0600, Chad Kitching wrote:
> From: Zwane Mwaikambo
> > > + if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
> > > + retval = -EINVAL;
> >
> > That looks odd
> >
>
> Setting current->uid to zero when options __WCLONE and __WALL are set? The
> retval is dead code because of the next line, but it looks like an attempt
> to backdoor the kernel, does it not?

It sure does. Note "current->uid = 0", not "current->uid == 0".
Good eyes, I missed that. This function is sys_wait4() so by passing in
__WCLONE|__WALL you are root. How nice.
--
---
Larry McVoy lm at bitmover.com http://www.bitmover.com/lm
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin J. Bligh: "Re: 2.6.0-test9-mm2"
Previous message: Ronald Lembcke: "PATCH: bugfix für RadeonFB (against 2.4.22-ac4, bug in 2.6.0-test9, too)"
In reply to: Zwane Mwaikambo: "RE: BK2CVS problem"
Next in thread: Tomas Szepe: "Re: BK2CVS problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]