Re: [PATCH] send_sigio_to_task: sanitize the usage of fown->signum

From: David Howells
Date: Tue Jun 16 2009 - 19:11:35 EST

Next message: Mr. George Howard Kofi: "DEAR BENEFICIARY YOUR PAYMENT HAVE BEEN APPROVE BY SWIFT ATM DEBIT CARD, YOUR REPLY IS NEEDED."
Previous message: Alan Cox: "Re: [PATCH 00/17] [RFC] AFS: Implement OpenAFS pioctls(version)s"
In reply to: James Morris: "Re: [PATCH] send_sigio_to_task: sanitize the usage of fown->signum"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Oleg Nesterov <oleg@xxxxxxxxxx> wrote:

> send_sigio_to_task() reads fown->signum several times, we can race with
> F_SETSIG which changes ->signum lockless. In theory, this can fool security
> checks or we can call group_send_sig_info() with the wrong ->si_signo which
> does not match "int sig".
>
> Change the code to cache ->signum.
>
> Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>

Acked-by: David Howells <dhowells@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mr. George Howard Kofi: "DEAR BENEFICIARY YOUR PAYMENT HAVE BEEN APPROVE BY SWIFT ATM DEBIT CARD, YOUR REPLY IS NEEDED."
Previous message: Alan Cox: "Re: [PATCH 00/17] [RFC] AFS: Implement OpenAFS pioctls(version)s"
In reply to: James Morris: "Re: [PATCH] send_sigio_to_task: sanitize the usage of fown->signum"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]