Re: [oss-security] CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling

On 01/18/2012 10:30 AM, Kurt Seifried wrote:
> On 01/17/2012 07:25 PM, Eugene Teo wrote:
>> "Jüri Aedla reported that the /proc/<pid>/mem handling really isn't very
>> robust, and it also doesn't match the permission checking of any of the
>> other related files.
>>
>> This changes it to do the permission checks at open time, and instead of
>> tracking the process, it tracks the VM at the time of the open. That
>> simplifies the code a lot, but does mean that if you hold the file
>> descriptor open over an execve(), you'll continue to read from the _old_ VM.
>>
>> That is different from our previous behavior, but much simpler. If
>> somebody actually finds a load where this matters, we'll need to revert
>> this commit.
>>
>> I suspect that nobody will ever notice - because the process mapping
>> addresses will also have changed as part of the execve. So you cannot
>> actually usefully access the fd across a VM change simply because all
>> the offsets for IO would have changed too."
>>
>> http://git.kernel.org/linus/e268337dfe26dfc7efd422a804dbb27977a3cccc
>>
>> Thanks, Eugene
> Please use CVE-2012-0056 for this issue.

Reference:
https://bugzilla.redhat.com/CVE-2012-0056

Thanks, Eugene

• This message: [ Message body ]
• Next message: Eugene Teo: "[oss-security] CVE request: kernel: Unused iocbs in a batch should not be accounted as active"
• Previous message: Eugene Teo: "Re: [oss-security] CVE-2012-0207 kernel: igmp: Avoid zero delay when receiving odd mixture of IGMP queries"
• In reply to: Kurt Seifried: "Re: [oss-security] CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling"
• Next in thread: Kees Cook: "Re: [oss-security] CVE request: kernel: proc: clean up and fix /proc/<pid>/mem handling"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]