Re: inode->i_count security hole

Chris Evans (chris@ferret.lmh.ox.ac.uk)
Mon, 12 Jan 1998 14:39:38 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Erik Corry: "Re: devfs patch v3"
Previous message: Samuli Karkkainen: "st0: Error 26030000 with BT-948, HP35480A DAT, 2.0.32"
In reply to: Arthur Jerijian: "[Feature Wish] GGI in Linux 2.3"
Next in thread: Jason McMullan: "Re: [Feature Wish] GGI in Linux 2.3"

On Mon, 12 Jan 1998, Alan Cox wrote:

> > Looking forward to 2.0.34 (with idt mem leak fix? This could be used as a
> > local DoS)
>
> Actually you can do better than a DoS attack with it. The fix is to make
> i_count a long at the moment.

Yes I know its a potential ->root hole. The (potential) DoS I was
referring to is the idt mem leak in arch/i386/process.c

> A related one kills every Unix we've tested stone dead.

Ouch, including OpenBSD? Heh heh heh.

Chris

Next message: Erik Corry: "Re: devfs patch v3"
Previous message: Samuli Karkkainen: "st0: Error 26030000 with BT-948, HP35480A DAT, 2.0.32"
In reply to: Arthur Jerijian: "[Feature Wish] GGI in Linux 2.3"
Next in thread: Jason McMullan: "Re: [Feature Wish] GGI in Linux 2.3"