Re: [PATCH] send_sigio_to_task: sanitize the usage of fown->signum

From: David Howells
Date: Tue Jun 16 2009 - 19:11:35 EST


Oleg Nesterov <oleg@xxxxxxxxxx> wrote:

> send_sigio_to_task() reads fown->signum several times, we can race with
> F_SETSIG which changes ->signum lockless. In theory, this can fool security
> checks or we can call group_send_sig_info() with the wrong ->si_signo which
> does not match "int sig".
>
> Change the code to cache ->signum.
>
> Signed-off-by: Oleg Nesterov <oleg@xxxxxxxxxx>

Acked-by: David Howells <dhowells@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/