[oss-security] CVE request: kernel: /proc/$pid/ leaks contents across setuid exec

Hi,

I'd like to get a CVE assigned for this information leak issue:
https://lkml.org/lkml/2011/2/7/368

Pre-opened file descriptors in /proc/$pid/ can bypass DAC allowing
visibility into setuid process state, especially leaking ASLR offset.

Thanks,

-Kees

-- Kees Cook Ubuntu Security Team

• This message: [ Message body ]
• Next message: Eugene Teo: "Re: [oss-security] CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN"
• Previous message: Kees Cook: "[oss-security] CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN"
• Next in thread: Eugene Teo: "Re: [oss-security] CVE request: kernel: /proc/$pid/ leaks contents across setuid exec"
• Reply: Eugene Teo: "Re: [oss-security] CVE request: kernel: /proc/$pid/ leaks contents across setuid exec"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]