Re: Potenitial security hole in the kernel

From: Brett Frankenberger (rbf@rbfnet.com)
Date: Mon May 28 2001 - 17:44:08 EST


>
> Hi folks,
>
> Please correct me if i'm wrong but it seems to me that i've stumbled on
> really BIG security hole in the signal handling code.
> The problem IMO is that the signal handling code stores a processor context
> on the user-mode stack frame which is active while
> the signal handler is running. Then sys_sigreturn restores back the context
> from user mode stack...
> Suppose the signal handler modifies this context frame for example by
> storing into the PC slot address of the panic routine
> then when handler will exit panic will be called with obvious results.
>
>
> Please CC your comments to me directly as i'm not subscibed to this list
>
> Vadim Lebedev
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Thu May 31 2001 - 21:00:38 EST