[PATCH] (please check) Potential security fix for i386/kernel/ptrace.c

Jamie Lokier (lkd@tantalophile.demon.co.uk)
Sun, 20 Sep 1998 20:09:55 +0100


I don't know the i386 well enough to know if this fix is required.
And I don't have manuals handy. So someone please check this.

The below patch (hand crafted, not tested) may prevent a security
problem that arises when __PAGE_OFFSET is changed from its default value
of 0xc0000000 on i386. This is done when someone needs to use >1Gb RAM.

The problem is that a user may be able to set a hardware breakpoint in the
kernel address range; who knows what effect that may have. This may
crash the kernel or simply leak information; either thing is not good.

This doesn't have any effect unless you have to change __PAGE_OFFSET.

-- Jamie

--- linux/arch/i386/kernel/ptrace.c
+++ linux/arch/i386/kernel/ptrace.c
@@ -477,7 +477,7 @@
if(addr == (long) &dummy->u_debugreg[4]) return -EIO;
if(addr == (long) &dummy->u_debugreg[5]) return -EIO;
if(addr < (long) &dummy->u_debugreg[4] &&
- ((unsigned long) data) >= 0xbffffffd) return -EIO;
+ ((unsigned long) data) >= TASK_SIZE-3) return -EIO;

ret = -EIO;
if(addr == (long) &dummy->u_debugreg[7]) {
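Review bot: the new bound `TASK_SIZE-3` only follows __PAGE_OFFSET if TASK_SIZE is itself defined in terms of it in the target tree; if include/asm-i386/processor.h still carries a literal 0xC0000000UL for TASK_SIZE, this hunk changes nothing for a >1Gb configuration, so that definition needs checking before the patch is applied. The `-3` is the widest (4-byte) i386 data breakpoint minus one, so the check stays conservative for 1- and 2-byte breakpoints whatever the user later puts in DR7; a short comment saying so would help the next reader, since the old literal 0xbffffffd gave no hint of where it came from. Note also that the hunk covers only the DR0-DR3 writes (`addr < &u_debugreg[4]`), which is the right set: the DR7 write below is what enables them and does not itself carry an address.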

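As an added illustration (not code from the message or the kernel tree), the following models the DR0-DR3 address check from the patch: the old hard-coded literal against the bound derived from TASK_SIZE, and then a length-aware generalisation of which the patched `TASK_SIZE-3` is the 4-byte case. The alternative __PAGE_OFFSET value and the sample addresses are assumptions chosen to show the failure mode, not values from the original message.

```c
/* Added example, not from the patch or the kernel: models the ptrace
 * check that refuses a user-supplied hardware breakpoint address lying in
 * the kernel half of the address space.  All concrete values used in
 * main() are assumptions picked to show the failure mode. */
#include <stdio.h>
#include <stdbool.h>

#define DEFAULT_PAGE_OFFSET 0xc0000000UL  /* default i386 user/kernel split */
#define DR_MAX_LEN 4UL                    /* widest x86 data breakpoint */

/* Old check: a literal equal to 0xc0000000 - 3, only correct for the
 * default layout. */
static bool dr_addr_rejected_hardcoded(unsigned long data)
{
    return data >= 0xbffffffdUL;
}

/* Patched check: the bound follows TASK_SIZE (the i386 user/kernel split)
 * so it moves together with __PAGE_OFFSET. */
static bool dr_addr_rejected(unsigned long data, unsigned long task_size)
{
    return data >= task_size - (DR_MAX_LEN - 1);
}

/* Generalisation (an assumption, not in the patch): reject when any byte
 * of a breakpoint of the requested length (1, 2 or 4) would land at or
 * above task_size.  For len == 4 this equals the patched check. */
static bool dr_range_rejected(unsigned long data, unsigned long len,
                              unsigned long task_size)
{
    if (len != 1 && len != 2 && len != 4)
        return true;                 /* not a valid x86 breakpoint length */
    if (data > task_size)
        return true;                 /* already kernel; also avoids wrap below */
    return data + len > task_size;
}

int main(void)
{
    /* Assumed __PAGE_OFFSET for a box configured for more than 1Gb RAM,
     * and a kernel address under that layout. */
    unsigned long big_ram_offset = 0x80000000UL;
    unsigned long kern = 0x90000000UL;

    printf("hard-coded check rejects 0x%lx: %d\n", kern,
           dr_addr_rejected_hardcoded(kern));          /* 0: slips through */
    printf("TASK_SIZE check rejects 0x%lx: %d\n", kern,
           dr_addr_rejected(kern, big_ram_offset));    /* 1: refused */
    return 0;
}
```

The point the model makes concrete: with __PAGE_OFFSET lowered to 0x80000000, an address such as 0x90000000 is kernel memory, yet the literal 0xbffffffd still accepts it; the derived bound refuses it. The length-aware variant shows why the patched `-3` is the conservative choice rather than an exact one.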
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/