Re: Fix prctl privilege escalation (CVE-2006-2451)

From: Gabor MICSKO
Date: Wed Jul 12 2006 - 12:02:31 EST


Already fixed since 07/06/2006:

http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commit;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0
http://www.kernel.org/git/?p=linux/kernel/git/stable/linux-2.6.17.y.git;a=commitdiff;h=0af184bb9f80edfbb94de46cb52e9592e5a547b0;hp=52cbb7b78994ea3799f1bbb8c03bce1e2f72a271

On Wed, 2006-07-12 at 13:12 +0200, Marcel Holtmann wrote:
> Hi Linus,
>
> attached is the fix with full explanation for CVE-2006-2451. It fixes a
> possible privilege escalation through the prctl() system call.
>
> I also put Michael Kerrisk on CC, because the manual page of prctl()
> needs adjustment. The value 2 for the PR_SET_DUMPABLE flag is no longer
> valid after this patch. The only way to get root-owned core dumps is
> through /proc/sys/fs/suid_dumpable and the manual page should reflect
> that.
>
> Regards
>
> Marcel

--
Micskà GÃbor
HP APS, AIS, ASE
SzintÃzis ZRt.
H-9023 GyÅr, Tihanyi Ã. u. 2.
Tel: +36 96 502 216
Fax: +36 96 318 658
E-mail: gmicsko@xxxxxxxxxxxx

Attachment: signature.asc
Description: This is a digitally signed message part