Re: New do_mremap vulnerability.

From: Chris Friesen
Date: Wed Feb 18 2004 - 17:15:51 EST


Linus Torvalds wrote:

> Fixed in 2.6.3 and 2.4.25 (and, I think, vendor kernels), please upgrade
> if you allow local shell access to untrusted users.

There is still a call to do_munmap() that does not check the return code, called from move_vma(), which in turn is called in do_mremap().

Can that call ever fail and cause Bad Things to happen?

If we know that it's never going to fail, it might be useful to have a comment explaining it so we don't open up more exploits in the future.


Chris


--
Chris Friesen | MailStop: 043/33/F10
Nortel Networks | work: (613) 765-0557
3500 Carling Avenue | fax: (613) 765-2986
Nepean, ON K2H 8E9 Canada | email: cfriesen@xxxxxxxxxxxxxxxxxx
